Here is a link to a script written in Jscript that may give you some ideas.
This script creates an OU and adds an ACE for delegating rights to the OU.
Regards,
Arden
On 9/15/06, Paul Williams <[EMAIL PROTECTED]> wrote:
I can't point you at any examples, but most of the documentation I read and from what MSFT people said at conferences, reckons you should grant full control to the group for SMS servers on that container. That's horse sh!t -you need to grant create and delete of each of the MS SMS object types and full control over those object types, and that's it.When I designed a couple of k3 SMS installations last year I used a DLG called SMS Servers and GGs called Primary SMS and Secondary SMS and nested the GGs into the DLG which was granted the permissions. You can then get specific for primary and secondary servers in some cases, or grant all via the DLG.I'm afraid I can't remember the names of the classes, so can't give you the ldapDisplayName's of the object type in question. But they're easy to find, they should be prefixed with mS-SMS or something like that.Note also that the advanced clients search on objectClass instead of objectCategory, so if you haven't already, you need to index objectClass.--Paul----- Original Message -----From: Joe McNicholasSent: Friday, September 15, 2006 10:53 AMSubject: [ActiveDir] _vbscript_ Container Security
I'm trying to create and secure the "LDAP://cn=System Management,cn=System,dc=mydomain,dc=com" container, as required for SMS[1].
I'm able to create the container successfully, but haven't found any examples of how to assign security to an OU or Container in the AD. MS Script Centre and a quick google have come up blank, can anyone point me to any examples?
Thanks
Joe
