RE: [ActiveDir] Group ManageBy 'feature' in SP1 does not work?
Hi Joe Thanks again for confirming, for some reason it wasn't working the other day when I was doing a demo (for whatever reason) and just re-tested and it works fine.. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, May 10, 2005 12:07 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Group ManageBy 'feature' in SP1 does not work? I just tested this and yes it did indeed work for me. I would fully expect it to. It isn't anything magical about ADUC, that is AD Delegation functionality at work there and normal ACLs. I even used the Self well known security principal as the managing group. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 09, 2005 1:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Group ManageBy 'feature' in SP1 does not work? Hi Someone here (sorry can't remember who) posted that in 2003 SP1, we are able to put a Group to manage a group and update membership. I've been testing that and I'm kinda stuck - after assigning a group & ticking "Manager can update membership list" - the user in that group is unable to manage the other group. Groupname to be managed:group1 Groupname to manage:group2 (username1 is a member of group2) Under Managed By tab of group1 - I assign a group group2 and ticked Manager can update membership list Login as username1 and I am UNABLE to add or modify any members (if I assign directly to a user account it works) Eventhough it doesn't work - dsacls shows that group2 is assigned the correct rights which is SPECIAL ACCESS for Add/Remove self as member (defined as WP;member) Anyone has tested this functionality and get this to work yet? I'm trying to achieve group to self managed its member - meaning any member of the group can add/remove/modify membership list (group1 to be managed by group1). Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group ManageBy 'feature' in SP1 does not work?
I've used it fairly extensively exactly as you've described. It's all worked splendidly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 09, 2005 12:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Group ManageBy 'feature' in SP1 does not work? Hi Someone here (sorry can't remember who) posted that in 2003 SP1, we are able to put a Group to manage a group and update membership. I've been testing that and I'm kinda stuck - after assigning a group & ticking "Manager can update membership list" - the user in that group is unable to manage the other group. Groupname to be managed:group1 Groupname to manage:group2 (username1 is a member of group2) Under Managed By tab of group1 - I assign a group group2 and ticked Manager can update membership list Login as username1 and I am UNABLE to add or modify any members (if I assign directly to a user account it works) Eventhough it doesn't work - dsacls shows that group2 is assigned the correct rights which is SPECIAL ACCESS for Add/Remove self as member (defined as WP;member) Anyone has tested this functionality and get this to work yet? I'm trying to achieve group to self managed its member - meaning any member of the group can add/remove/modify membership list (group1 to be managed by group1). Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group ManageBy 'feature' in SP1 does not work?
I just tested this and yes it did indeed work for me. I would fully expect it to. It isn't anything magical about ADUC, that is AD Delegation functionality at work there and normal ACLs. I even used the Self well known security principal as the managing group. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 09, 2005 1:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Group ManageBy 'feature' in SP1 does not work? Hi Someone here (sorry can't remember who) posted that in 2003 SP1, we are able to put a Group to manage a group and update membership. I've been testing that and I'm kinda stuck - after assigning a group & ticking "Manager can update membership list" - the user in that group is unable to manage the other group. Groupname to be managed:group1 Groupname to manage:group2 (username1 is a member of group2) Under Managed By tab of group1 - I assign a group group2 and ticked Manager can update membership list Login as username1 and I am UNABLE to add or modify any members (if I assign directly to a user account it works) Eventhough it doesn't work - dsacls shows that group2 is assigned the correct rights which is SPECIAL ACCESS for Add/Remove self as member (defined as WP;member) Anyone has tested this functionality and get this to work yet? I'm trying to achieve group to self managed its member - meaning any member of the group can add/remove/modify membership list (group1 to be managed by group1). Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
