.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, July 01, 2005 8:47
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group
Management
JoeK... quite honestly, it almost sounds
like you could sell this beast. I am sure there are things very specific
Behalf Of
[EMAIL PROTECTED]Sent: Friday, July 01, 2005 12:21
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Group Management
I could not agree more
with Joe on this point too. We have a bunch of business rules that work
really well for us, but they definitely aren’t for everyone
eDir@mail.activedir.org
Subject: RE: [ActiveDir] Group
Management
I agree with JoeK, keep this info all
together. I have visualized a system that synced back and forth to AD/AM
though. But that was to set it up so that the ACL manipulations were in AD/AM
and then any changes in AD/AM were doubleche
Subject: RE: [ActiveDir] Group
Management
I think you need to solve your business
issues before your technical issues. The technology is certainly readily
available to handle this type of work if you want to build it. However, you
need to be able to feed rules into the system to follow or else the
PROTECTED]Sent: Wednesday, June 29, 2005 3:41
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Group Management
No, it seemed to make
more sense to put it in AD and keep it all in the same place. Using DN
syntax attributes to represent the users and groups allows us to take advantage
of
I think you need to solve your business issues before your
technical issues. The technology is certainly readily available to handle this
type of work if you want to build it. However, you need to be able to feed rules
into the system to follow or else the systems no matter how complex will b
.
Joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, June 28, 2005 11:29
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group
Management
Did you consider using SQL to store all the metadata for the groups?
That’s what I’m
ailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Tuesday, June 28, 2005 10:15 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Group
Management
I
wish we had a system to do that here. I won’t create any group without the
managed by attribute being populated. This way I can then pas
We have a centralized security department, and we used to
do group management this way. As you found, it gets to be a chore, and the
security people really don't know what the groups are for
anyway.
What we ended up doing was creating an OU structure that
mimics our business unit divisions
PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, June 28, 2005 10:43
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group
Management
We do the vast majority of our group
management via a custom web interface. The system is self-service and
We do the vast majority of our group
management via a custom web interface. The system is self-service and
requires no approval process for creating a group. We do enforce some
semantics and business rules though. For example, we enforce specific
naming conventions, require a sponsor to
I wish we had a system to do that here. I won’t create any group
without the managed by attribute being populated. This way I can then pass off
the membership management to whomever. I haven’t really identified yet
the magnitude of the problem here, but, we’re going to figure out a way
to g
12 matches
Mail list logo
