Scripting ACE for User Object in Active Directory

  • Thread starter Thread starter TonyEdwards
  • Start date Start date
T

TonyEdwards

I need to give every user in an AD OU rights to modify
only thier Home Folder. I can go through 2500 users and
give them rights to SELF for personal information in
active directory, but what I really need is to be able to
script it. Does anyone know where I can find a
description for the bitmask that controls these
permissions, or some sample scripts that modify the ACE
on the attributes of the AD user object.
Tony
 
-----Original Message-----
I need to give every user in an AD OU rights to modify
only thier Home Folder. I can go through 2500 users and
give them rights to SELF for personal information in
active directory, but what I really need is to be able to
script it. Does anyone know where I can find a
description for the bitmask that controls these
permissions, or some sample scripts that modify the ACE
on the attributes of the AD user object.
Tony
.
Click to expand...

tony,

You have to choose one of those solutions:
1. add your users to group with the name "
HomeFolder" (create one if you haven't) - delegate
control from AD users and computers to the user's OU for
this task (right click on the OU and choose "delegate
control")
install for the users admin pack for them to change their
home folder.
2. set for the users home folder with vbscript, you
can script which set users properties at my site.


Best Regards

Oren Nizri

for my VBScript site : http://scripts.mutsonline.com

for security site : www.secureIT.co.il
 
When you set the apply onto in the security tab (advanced) to users, the
"Read/Write Personal Information" will appear.

David
 
Back
Top