RE: [ActiveDir] Delegation of Callback-Number

[joe]

Hey Ulf - can you just script it?      joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, July 07, 2004 6:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Delegation of Callback-Number Hi there, I have a customer who where we implemented the least permissions necessary for each group fulfilling administrative tasks. One of those tasks is that they are required that just a small group has the permissions to grant RAS permissions, and every useraccount is forced to be called back to a previously set number. To scale that solution better, the user-helpdesk should be able to change the callback-number, but they are not allowed to do anything else in the RAS-Permissions. Those are the requirements. Point. Couple month ago I discovered some bugs in the ADUC Dial-In Tab. After installing a hotfix that allows non-administrator accounts to see the dialin-tab and figuring out that I need to set the permissions for the helpdesk for the msRadiusCallbackNumber and the userProperties attributes I figured that there's an additional bug in the tab: the helpdesk is now able to change the Callback-Number in the interface, however as soon as they click on Apply or OK there's an error that the rights are not sufficient. This is a bug, which is verified by Microsoft. The only way to delegate the permissions on the RAS Tab - due to the bug - is to grant the group full permissions on everything of the RAS-Tab. This is not acceptable in our case. Now comes why I'm posting: We have a open call at PSS, already did a CDCR and political impact, but MS told us that they think it's not a option requested by customers and they need at least another customer with that requirement to fix that. I do not believe that we are the only ones with that request - however I do believe that those out there who had a request like that stopped early in the process instead of going the way through. So if anyone of you knows a company which has those requirements and would like to have that fixed, contact me asap to see if we are able to get that fixed. As far as I was told from PSS they'd like to get that fixed too but are unable to assign developer-resources for it if it's not requested by the market. This issue bugs me since the beginning of the year :-(   Gruesse - Sincerely,   Ulf B. Simon-Weidner