AD Delegation wizard trouble.

  • Thread starter: Tim.Olsen

Tim.Olsen

Hello all,

I'm working on a simple asset identification process that uses Active
Directory. (Windows 2003 R2)

The process conditionally places a user's employee ID (from the user
object attribute EmployeeID) into the computer object's employeeID
attribute and the user's PhysicalDeliveryOfficeName attribute into the
computer object's PhysicalDeliveryOfficeName attribute. (There are a few
others but these two are giving me grief.)

Because the process may run under the context of any given user, on any
given XP workstation, I want to allow "authenticated users" the ability
to update this select computer object attribute in the directory;
however, I've hit a wall with the delegation wizard.

It seems as if the delegation wizard refuses to recognize these two
attributes.

Once I get to the property specific dialog of the delegation wizard
(where it lists "read <attribute name>" or "write <attribute name>"),
those attributes aren't listed there.

They appear to be inherited from the user class, ADSIedit sees them
just fine, and as an admin I can update the fields, I just can't find a
way to allow anyone else to do it.

I'm considering DSACLS, but I'd like to know why the wizard doesn't work.

Any insights would be greatly appreciated.


Regards,
Tim Olsen