PROTECTED] Behalf Of Free, Bob
Sent: Friday, August 12, 2005 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] account operators
Has anyone used shim products like NetIQ DRA?
I've used it previously when it was a product from Mission Critical
We used it extensively in the NT days when
: Tuesday, August 23, 2005 9:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] account operators
We're using ActiveRoles, too, and I like it a lot. The problem with a
proxied account these days is that auditors want to know who did what and
being able to pin it down to some service account
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, August 12, 2005 12:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] account operators
Sorry Rick, I have to correct you on this one.
An account operator absolutely has enough rights to mailbox enable a user.
AccOps
: RE: [ActiveDir] account operators
Sorry Rick, I have to correct you on this one.
An account operator absolutely has enough rights to mailbox enable a user.
AccOps by default have FC over user objects, they can do ANYTHING to a user
they want to. The key is they have to know how to. You could
, August 12, 2005 1:04 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I remember reading something alluding to this on built-in groups in
general... can't remember where (maybe it was joe), but the general
principal was that if you utilise any of the built
I expect they lack Exchange View Only Admin permissions (or higher).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 8:27 AM
To: activedirectory
Subject: [ActiveDir] account operators
is there any reason an
AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would include
exchange attribs.
i guess they still need rights to the store?
is that it?
thanks
On 8/11/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
I expect
@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would include
exchange attribs.
i guess they still need rights to the store?
is that it?
thanks
On 8/11/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
I expect they lack Exchange View Only
PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would include
exchange attribs.
i guess they still need rights to the store
is created.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 9:57 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would
@mail.activedir.org
Subject: Re: [ActiveDir] account operators
i plan on getting rid of it.
my question is really for my own knowldge.
if homeMDB and mailNickname are parts of a user attrib and AO has full
control on that user by default, why can't they set a mailbox via
ADUC? I guess ADUC uses CDOEXM?
also
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 9:57 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would
include exchange
Subject: Re: [ActiveDir] account operators
thats what i thought but then it would make sense that AO group would
be able to set that attrib on a user they have full control over.
why can't they create a mailbox for a regular user?
thanks as always, rick
On 8/11/05, Rick Kingslan [EMAIL PROTECTED
] On Behalf Of Rick Kingslan
Sent: Thursday, August 11, 2005 12:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] account operators
why can't they create a mailbox for a regular user?
Simply, the Account Operator is designed to work as a principal that allows
work on accounts
google for adminsdholder
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
MarkSent: Tuesday, July 20, 2004 10:33 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] account operators
and admins
Is there
a built-in mechanism that keeps account operators from being able
Thanks Bob,
looks like thats whats happening
mc
From: Free, Bob
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 1:54
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] account
operators and admins
google for adminsdholder
From:
[EMAIL PROTECTED] [mailto
-Original Message-
From: [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of David Adner
Sent: Friday, October 18, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Account Operators can't move users
Well, sorry to raise a fuss, since when I
technology
is indistinguishable from magic.
--- Arthur C. Clarke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of David Adner
Sent: Friday, October 18, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Account Operators
Is delegating required to make this work or just a work-around? I have no
problems doing it; I just want to understand this better. Thanks
Delegate the rights to them
-Original Message-
From: [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of David Adner
Sent:
We've seen the same thing here. Apparently, anyone in the Account
Operators group cannot change anyone else in Account Operators or
Administrators, even if they have adequate AD permissions.
This happens for any AD modification, not just mailbox moves.
-Original Message-
From: David
I checked and they do have this permission. Also, they create users in the
target OU's with no problems, so wouldn't that indicate they have this
permission?
The account operators group will need the create user object permission on
the OU that they are moving the user to. When you move a
The account operators group will need the create user object permission on
the OU that they are moving the user to. When you move a user it is
creating the user in the OU that you are moving it to.
Tim Hines, MCSA, MCSE (2000 NT4)
MVP - Active Directory
- Original Message -
From:
What is the exact error that the user receives when he attempts to move a
user?
Tim Hines, MCSA, MCSE (2000 NT4)
MVP - Active Directory
- Original Message -
From: David Adner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 17, 2002 7:48 PM
Subject: Re: [ActiveDir
Well, sorry to raise a fuss, since when I created a test account, added it
to the Account Operators group, and tried moving users, it worked. So I'm
going to have to work with the user to figure out exactly what's going on.
What is the exact error that the user receives when he attempts to
24 matches
Mail list logo