Can you post your script?
> -----Original Message-----
> Just simple standard white pages type attributes like l,
telephonenumber,
> etc.
>
> -----Original Message-----
>
> What attributes are you trying to modify??
>
> -D
>
> ----- Original Message -----
> I'm not sure exactly what the AD admin did but I think he first tried
> giving me write access to only the attributes I need to modify, then
> full on users, then full control all objects, entire domain, then
Domain
> Admin which is what finally worked. I really don't want Domain Admin
> rights. I will be questioned every time something happens. Perhaps
> it's time to interrogate Microsoft.
>
> -----Original Message-----
> To my knowledge, the only thing AD requires secured LDAP connections
for
> is changing passwords. How did your AD admin "back off the
privileges"?
>
> Have your AD admin run the delegation wizard at the root of your
domain,
> and give you full control over all objects. See if that works.
>
> -----Original Message-----
> On 13/10/04 10:59 pm, Barrett, John <[EMAIL PROTECTED]>
wrote:
>
> > I've written a script (below) that runs on a Unix server and
modifies
> > AD attributes. It works fine if the user I'm binding as is given
> > Domain Admin privileges. The AD admins don't want to give me that
> > much power (and I really don't want it) but when they back the
> > privileges off to what they think should work I get "insufficient
> > access" errors:
> >
> > update error: 00002098: SecErr: DSID-03150646, problem 4003
> > (INSUFF_ACCESS_RIGHTS), data 0
> >
> > The only thing that seems to work is Domain Admin. The AD admins
> > claim that I am not "presenting the security context correctly."
I'm
> > using simple bind. Is there anything I can do differently? Would
SASL
>
> > help?
>
> *****
> The information transmitted is intended only for the person or entity
to
> which it is addressed and may contain confidential, proprietary,
and/or
> privileged material. Any review, retransmission, dissemination or
other
> use of, or taking of any action in reliance upon, this information by
> persons or entities other than the intended recipient is prohibited.
If
> you received this in error, please contact the sender and delete the
> material from all computers. 113
