• State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 61 subscribers
  • Views 6593 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Expand nTSecurityDescriptor attribute on group object

frank m.
over 16 years ago

Hi,


we want to add the nTSecurityDescriptor attribute on group objects via the Active Roles (5.2.4) Web Interface.

Our problem is, that we only see the three right "read", "write" and "full control" (see attached file "ntsecuritydescriptorAR.jpg"), when we add the attribute to the Web Interface.

If I control these attribute via Active Directory, I have much more rights to select (see attached file "ntsecuritydescriptor.jpg).


Why can't we see these "additional" right via the Active Roles Web Interface?

Is there a special "edsa attribute" for this?


regards

frank

Additional Attachments:

ntsecuritydescriptorAR.jpg

Parents
  • 0 over 16 years ago

    Hi Andrei,

    in our environment, we have one centralized it-team and several decentralized it-teams. the decentrlized teams can only use the actice roles webinterface to manage their ad objects. Each team have access to their own OU.

    In this specific szenario, the dezentralized admins must have the ability, to delegate rights like "Add/Remove Self as Member" or "Send as" to distribution groups.

    Without this ability the decentralized admins must contact us (central it team) and we must set theses rights.

    Regards
    Frank

Reply
  • 0 over 16 years ago

    Hi Andrei,

    in our environment, we have one centralized it-team and several decentralized it-teams. the decentrlized teams can only use the actice roles webinterface to manage their ad objects. Each team have access to their own OU.

    In this specific szenario, the dezentralized admins must have the ability, to delegate rights like "Add/Remove Self as Member" or "Send as" to distribution groups.

    Without this ability the decentralized admins must contact us (central it team) and we must set theses rights.

    Regards
    Frank

Children
No Data