You won't need anything other than a normal userid unless you have put weird
ACEs in place to hide user objects and then you just need to have the normal
userid in the right group and that right group shouldn't have to be
Administrative level.
Note though that no group membership is going to give
Surely if the service account used by the app has [only] the rights to
read the data in the attributes and objects that it needs to access,
then you should be fine.
Whether an app or an admin, the least privilege rule still applies :)
neil
-Original Message-
From: [EMAIL PROTECTED]
It should be fine with normal credentials.
Why are you so scared of SP1 or a schema extension? Neither of them are
going to end the world...
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On
]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, May 09, 2006 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Schema extension
I didn't flush the cache. Wasn't aware I had to do that, plus I'm not
sure where to do it.
I'm viewing the AD properties
Did you flush the schema cache on the schema master?
How are you viewing the user's AD schema properties?
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 09 May 2006 15:38
To: ActiveDir@mail.activedir.org
Subject:
first, you need to wait for replication to occur so that the schema change is
replicated to all DCs
how are you looking at it?
If you are using LDP, but the attribute does not have a value (yet) it will not
show in LDP. ADSIEDIT however show all attributes of an object, populated or not
Met
DefaultHidingValue?
defaultHidingValue
A Boolean value that
specifies the default setting of the showInAdvancedViewOnly
property of new instances of this class. Many directory objects are not
interesting to end users. To keep these objects from cluttering the UI,
2006 16:03To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Schema
extension
"DefaultHidingValue"?
defaultHidingValue
A Boolean
value that specifies the default setting of the showInAdvancedViewOnly property of
new instances of this c
while
installing various applications, just not this one.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, May 09, 2006 9:48 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Schema extension
Did you flush
AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Schema
Extension
I would recommend
starting here
http://msdn.microsoft.com/library/default.asp?url="">
Or buying either the
book in the signature or Inside Directory Second Edition by Sakari
Kouti.
--
O'Reilly Acti
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Schema
Extension
I would recommend starting here
http://msdn.microsoft.com/library/default.asp?url="">
Or buying either the book in the signature
or Inside Directory Second Edition by Sakari Kouti.
--
O'
Dean Wells wrote:
I really don't agree in the confined scenario Ulf described. Can you
explain your point further or is it merely an issue of Microsoft supporting
it?
OK, You've got me - when I think about it, it should not cause any
trouble. Ulf procedure is not a attempt to do
-B489-F2F1214C811
D
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
|Sent: Thursday, February 09, 2006 1:46 AM
|To: Send - AD mailing list
|Subject: RE: [ActiveDir] Schema Extension
|
|I really don't agree in the confined scenario Ulf
-F2F1214C811
D
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
|Sent: Thursday, February 09, 2006 1:46 PM
|To: ActiveDir@mail.activedir.org
|Subject: Re: [ActiveDir] Schema Extension
|
|Dean Wells wrote:
| I really don't agree
Ulf B. Simon-Weidner wrote:
(...)
Note that no matter what - I'm usually always testing 3rd-Party Schema
Extensions first, meaning to verify OID, prefix, LinkIDs, document MapiIDs
and consult the customer in the risk of those, and verify the Structure
(classes, how they are added to existing
verfaq.org Profile:http://mvp.support.microsoft.com/profile="">
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt,
DavidSent: Tuesday, February 07, 2006 11:02 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Schema
Extension
rom: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-WeidnerSent: Wednesday, February 08, 2006 11:11
PMTo: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Schema Extension
Hi David,
OK - as far as controlling the update of the schema I'd
do it that w
Ulf B. Simon-Weidner wrote:
Hi David,
OK - as far as controlling the update of the schema I'd do it that way:
Do you really care - aka not frequently tested combination of schema
extensions:
1. Put the schema master on a otherwise stale switch/hub (to provide a
link but no connection to
: [ActiveDir] Schema Extension
|
|Ulf B. Simon-Weidner wrote:
|
| Hi David,
|
| OK - as far as controlling the update of the schema I'd do
|it that way:
|
| Do you really care - aka not frequently tested combination of schema
| extensions:
| 1. Put the schema master on a otherwise stale switch
Ulf B. Simon-Weidner wrote:
Hm - you're right - don't write tired and exhausted.
Seize it and clean the old one out of AD.
Not a problem :)
If anyone is interested I've put some of my thoughts about such
procedure in the post on my blog:
PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Wednesday, February 08, 2006 5:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Schema Extension
Ulf B. Simon-Weidner wrote:
Hi David,
OK - as far as controlling the update of the schema I'd do it that way:
Do you really care
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Wednesday, February 08, 2006 5:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Schema Extension
Ulf B. Simon-Weidner wrote:
Hi David,
OK - as far as controlling the update of the schema I'd do
PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Ulf B. Simon-WeidnerSent: 06 Feb 2006
20:25To: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Schema Extension
Hi David,
depends on what you mean - either there's a supported way
on how to extend the schema (pretty sure
Title: Message
If you have a
web access to ITPro or a paper copy of these issues, you can refer to articles
of
September
2001 (Windows 2000 Magazine):Diving into the Active Directory
Schema
November
2001 (Windows 2000 Magazine):Extending the Active Directory
Schema
March 2004
Title: Message
I would recommend starting here
http://msdn.microsoft.com/library/default.asp?url="">
Or buying either the book in the signature or Inside
Directory Second Edition by Sakari Kouti.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
Title: Message
Hi David,
depends on what you mean - either there's a supported way
on how to extend the schema (pretty sure implementing the schema extensions via
LDIF is supported), however if you are talking about designing the extensions it
depends on your needs if anyone is able to
n/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-WeidnerSent: Monday, February 06, 2006 3:25 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Schema
Extension
Hi David,
depends on what you mean - either there's a supported way
on how
.
1. Create a new class and list it as an auxilary to the 'user' class.
2. Add the attributes to the 'user' class.
I think #1 is the appropriate way to go, but #2 might be easier if it'll
work.
Well, there are many ways to extend the Schema: LDAP, ADSI or LDIF. I've
used LDAP and LDIF,
28 matches
Mail list logo