Last name is "sn" for Surname. You can use a script with PutEx for this, I think.
Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 -----Original Message----- From: Andy Grafton [mailto:orangerover@;hotmail.com] Sent: Tuesday, November 12, 2002 11:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Granular permissions : user objects MessageHi, all. Active Directory, Windows 2000, SP3, no exchange prep. Please restrain yourselves from asking "*why* do you want to do this?". If you'd like to know, give me a shout offlist. I need to grant permissions for SELF to change the First Name and Last Name (givenName, sn in LDAP notation) attributes in AD. My worry is that in the granular permissions settings for a user object, I can't see any reference to Last Name (nor Surname, nor or any other "aliases" I am familiar with). I can see and set (amongst the numerous other permissions settings) Read First Name Write First Name Read Middle Name Write Middle Name ... even the oh-so-useful ... Read/Write International ISDN number (others) ... but try as I might, I can't find the switch for the Last Name field. I can presumably work around it by giving SELF permissions to "Write Personal Information", and then denying the things which I don't want them to be able to change, but that doesn't seem very elegant or intuitive. Is that the way it should be? I've looked in vain for documenation and can't find anything. I've looked in a couple of other domains and the situation is the same, even when including Exchange Schema extensions. The way I'm getting to the permisisons is via the AD U&C plugin for MMC. Right click user object -> properties security tab advanced... add... SELF properties tab If anyone knows what happened to the Last Name switch, or whether its simply not supposed to be there, please let me know! All the best, Andy List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
