True
to your overall statement, if you lock things down and only allow updates
through interfaces with business rules you can completely control what goes out
there.
I am
curious about your initial statement, are you saying you have something that
injects into the AD internal processes and will inflict business rules on
updates irregardless of source? I wasn't aware anyone had something like that
but fully figured someone would do it if MS didn't. OR are you simply saying
what I said above, you lock things down and only allow updates through
interfaces with business rules?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hazelman, Doug
Sent: Friday, July 18, 2003 4:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Locking Down User Information Fields in ADJoe,There are <plug> third party tools that do allow you to define "rules" for property validation that are enforced on the server side and not the client side so that they can't be bypassed. You can define that the phone number must be in the format (xxx) xxx-xxxx and it will not allow x to be anything but numeric. This format is OK if you're a North America only company, it gets more complex if you need to support multiple country phone number formats. These tools also allow for a simplified and customizable web interface for users to go to for making the change themselves </plug>.-dougDirector of Product ManagementAelita Software
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Locking Down User Information Fields in ADOops I missed that piece. TelephoneNumber is type 2.5.5.12 which is case insensitive unicode string. You need that because people want to put in () and -. unfortunately they can also add other letters/characters.-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, July 17, 2003 1:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Locking Down User Information Fields in ADMaybe someone can indicate how to restrict the field to numeric only (it's not already??? Huh - never tried, I guess.....), I suspect it's a schema mod - but I thought that I answered the rest of the question, did I not?Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wright, T. MR NSSB
Sent: Wednesday, July 16, 2003 9:27 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Locking Down User Information Fields in ADJust curious how I would go about stopping a user from being able to update their address, website, etc under their own account. AD...Basically I want them only to be able to update their own phone # and nothing else and I would also like to force it to be strictly a numeric only field (which it isn't by default.)Any ideas??Thanks,-Tim