Actually better would probably be dumpDatabase. ~Eric
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, August 21, 2005 11:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hidden objects Well on reflection, the answer to this regardless of objecttype would be to run an enumeration routing as localsystem and as the admin ID you want to find things that may be hidden from and then compare the results. If the object is a user or group you could try using the NET API to see if lets you see it where the LDAP calls won't. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, August 21, 2005 1:48 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hidden objects What type of object? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Tuesday, August 16, 2005 10:23 AM To: activedirectory Subject: [ActiveDir] Hidden objects Is there anyway to tell if someone hid an object(s) in AD from a DA? dSHeurstics attrib doesn't have a value set. Does that mean no? After using dscals, it seems Authenticated users have "list contents" on every object in AD that I checked. Based on these 2 things, is it pretty safe to assume nothing is probably hidden? thanks List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/