| Author |
filtering object classes
|
|
| salv236 2004-02-02, 3:45 pm |
| Does anyone know how you would filter out certain object classes for a specific user or group? I tried going into the ACE and added an entry for a user (user2), applied it to user objects, denied full control, logged on to my other 2000 machine and went into the OU; however, user2 can see user objects. | |
| Blubells 2004-02-03, 3:18 pm |
| Instead of using Deny, why don't you just remove the explicit permission and remove the user from any groups that are explicitly given access to the resource?
Hope That Helps | |
| salv236 2004-02-03, 6:02 pm |
| quote: Originally posted by Blubells
Instead of using Deny, why don't you just remove the explicit permission and remove the user from any groups that are explicitly given access to the resource?
Hope That Helps
I have read from the National Security Agency site in regards to Active Directory security, and seen from page 20 of this document that having pre-Windows 2000 compatibility (mixed mode) allows users to access information from that domain.
http://www.nsa.gov/snac/win2k/download.htm | |
| jeff_j_black 2004-02-03, 7:40 pm |
| Another good reason why the best migrations are moves to a green-field forest that is in native mode. | |
| salv236 2004-02-06, 3:23 am |
| Does anyone know where I could get a tool that allows me to access another directory service on a network where I don't have to physically visit that DC, whether it be Novell, NT, 2k or 2k3 server? I have heard that MDSS (Microsoft Directory Synchronization Services) does this; however, I can't seem to find it on the Microsoft or Novell site. | |
| jeff_j_black 2004-02-06, 10:01 am |
| Microsoft Metadirectory Services
Microsoft Identity Integration Server 2003
You might have been missing an m or an s or something. This is to integrate two different directories, synchronize, etc. That might be a lot more than what you need. Have you tried LDP.exe? You should be able to connect to any LDAP-compatible directory with that. There are likely other simple free tools that would let you connect, read, write and edit via LDAP. All you would need is the credentials. |