RE: [ActiveDir] delegating group management

[joe]

Yep, you need to delegate WP to the member attribute. 

I seem to recall the wizard doing something with the special permission
add/remove self as member but it seems misleading as that permission allows
the person who has it to modify the membership in its entirely, it is not a
validated permission to only allow you to add/remove yourself.

  joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Tuesday, February 22, 2005 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] delegating group management

Hi guys, I'm fairly sure I can do this. But thanks to recent security
changes, I can no longer just fire up the delegation of authority wizard to
make sure...can I grant the ability to manage membership of groups to a
given group of user admins, without giving them the ability to change other
attributes of the users themselves? I'm thinking the best way to do this is
to place all the groups in an OU, and run the wizard to apply just the
necessary permissions on those groups in the OU.

Mark Creamer
Systems Engineer
Cintas Corporation
The Service Professionals


This e-mail transmission contains information that is intended to be
confidential and privileged.  If you receive this e-mail and you are not a
named addressee you are hereby notified that you are not authorized to read,
print, retain, copy or disseminate this communication without the consent of
the sender and that doing so is prohibited and may be unlawful.  Please
reply to the message immediately by informing the sender that the message
was misdirected.  After replying, please delete and otherwise erase it and
any attachments from your computer system.  Your assistance in correcting
this error is appreciated.  Thank you.  Cintas Corporation.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] delegating group management

[Creamer, Mark]

Hi guys, I'm fairly sure I can do this. But thanks to recent security changes, 
I can no longer just
fire up the delegation of authority wizard to make sure...can I grant the 
ability to manage membership
of groups to a given group of user admins, without giving them the ability to 
change other attributes
of the users themselves? I'm thinking the best way to do this is to place all 
the groups in an OU, and
run the wizard to apply just the necessary permissions on those groups in the 
OU.

Mark Creamer
Systems Engineer
Cintas Corporation
The Service Professionals


This e-mail transmission contains information that is intended to be 
confidential and privileged.  If you receive this e-mail and you are not a 
named addressee you are hereby notified that you are not authorized to read, 
print, retain, copy or disseminate this communication without the consent of 
the sender and that doing so is prohibited and may be unlawful.  Please reply 
to the message immediately by informing the sender that the message was 
misdirected.  After replying, please delete and otherwise erase it and any 
attachments from your computer system.  Your assistance in correcting this 
error is appreciated.  Thank you.  Cintas Corporation.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/