Hi Brian

Be careful about adding ACLs to the domain head like this - it can result in
a large increase to the size of your database (in Win2k - 2k3 fixes this via
an improved single instance store).

As for your how to...

Go to the domain head - properties, security.
Go to Advanced, click ADD and add Group1
Click on EDIT and the properties tab
Click on the Apply Onto drop down and select USER objects
Find READ\ WRITE Employee ID and ACL as you wish.

-steve

----- Original Message ----- 
From: "Brian Desmond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 29, 2004 4:34 PM
Subject: [ActiveDir] ACL Attribute


> I need to ACL the employeeID attribute in AD such that only a group I
> specify can read it. I'm scratching my head here because if I go to the top
> level of my Domain NC in Adsiedit, go to security, there's no employeeID in
> the list of attributes. I've selected the child objects scope. Is there a
> trick to making the attribute magically appear or something?
>
> --Brian

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
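
The ACE that the GUI steps in the reply create, written as an added PowerShell example (not part of the original thread). It assumes the RSAT ActiveDirectory module and rights to modify the domain head ACL; `Group1` is the group name from the reply. The final pipeline lists the ACEs on the domain head that grant read on employeeID or on all properties, since an added Allow entry does not by itself remove read access other principals already have.

```powershell
# Added example: assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$groupName = 'Group1'                          # group name taken from the steps above
$domainDN  = (Get-ADDomain).DistinguishedName  # the "domain head"
$schemaNC  = (Get-ADRootDSE).schemaNamingContext

# Resolve the schemaIDGUID of an attribute or class by its LDAP display name.
function Get-SchemaGuid([string]$ldapName) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$ldapName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$ldapName' not found" }
    [Guid]$obj.schemaIDGUID
}
$attrGuid = Get-SchemaGuid 'employeeID'   # property the ACE is limited to
$userGuid = Get-SchemaGuid 'user'         # class the ACE is inherited onto

$sid    = (Get-ADGroup $groupName).SID
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

# Allow ACE scoped to employeeID, applied to descendant user objects only
# (the "Apply Onto: User objects" choice in the GUI).
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $attrGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userGuid)

$path = "AD:\$domainDN"
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Review step: ACEs on the domain head that name employeeID, or that cover
# all properties (empty ObjectType), and include ReadProperty.
$read = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
(Get-Acl -Path $path).Access |
    Where-Object { ($_.ObjectType -eq $attrGuid -or $_.ObjectType -eq [Guid]::Empty) -and
                   ($_.ActiveDirectoryRights -band $read) } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited
```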
