RE: Creating/editing user accounts

From: Al Miller
Date: 11/08/01

Subject: RE: Creating/editing user accounts
Date: Thu, 8 Nov 2001 15:04:35 -0500
From: "Al Miller"
To: "Derek T"

You can designate an OU for these user accounts and delegate control of
the OU to whomever you like. Anyone can add and edit user accounts; they
just need to be given the appropriate permissions.

-----Original Message-----
From: Derek T
Sent: Thursday, November 08, 2001 12:11 PM
Subject: Creating/editing user accounts

A quick question about AD and web enabled services.

The company I work for is trying to offer the ability to open and
accounts from the Web (kind of like Yahoo or Hotmail). The problem lies
the choice to use AD on the segmented network. With AD the only ID with
rights to create and edit user accounts are sys-admins, something that
cannot allow anonymous web browsers to assume. Also this will be a
off the main corporate network, (in its own DMZ) to allow customer
reps to access and work with the same data from the main tree. Any ideas
how can this be accomplished and kept secure, or is it a pipe dream?

Also in the event that a process is given the Sys-admin rights instead
of a user, what potential security implications does this pose? It seems as
almost every discussion of a new vulnerability starts with "You see,
was this process running with administrator rights...." =)

Thanks for the insights

D True

"If debugging is the process of removing software bugs, then programming
must be the process of putting them in." - L. Owando
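
Added example, not part of the original thread: one way to set up the OU delegation described in the reply, so the web front end runs as a low-privilege service account instead of an administrator. It uses the ActiveDirectory PowerShell module and dsacls; the domain example.com, the OU name WebAccounts, the account EXAMPLE\svc-webreg and the choice of the mail attribute are all assumptions.

```powershell
# Assumed names (not from the thread): adjust to your environment.
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=com'
$ouName   = 'WebAccounts'
$ouDn     = "OU=$ouName,$domainDn"
$svcSam   = 'svc-webreg'              # account the web application runs as
$delegate = "EXAMPLE\$svcSam"

# 1. Dedicated OU that holds only the self-registered accounts.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Create/delete child objects of type "user", in this OU tree only.
dsacls $ouDn /I:T /G "${delegate}:CCDC;user"

# 3. Reset Password extended right on user objects below the OU.
dsacls $ouDn /I:S /G "${delegate}:CA;Reset Password;user"

# 4. Write access limited to named attributes instead of every property.
dsacls $ouDn /I:S /G "${delegate}:WP;pwdLastSet;user"
dsacls $ouDn /I:S /G "${delegate}:RPWP;mail;user"

# 5. Check: the service account must not sit in a privileged group
#    (direct memberships only; nested groups need a recursive lookup).
$privileged = 'Domain Admins', 'Enterprise Admins', 'Administrators',
              'Account Operators'
$hits = Get-ADPrincipalGroupMembership -Identity $svcSam |
            Where-Object { $privileged -contains $_.Name }
if ($hits) {
    Write-Warning "$delegate is a member of: $($hits.Name -join ', ')"
}

# 6. Review the ACEs that were actually written for the delegate.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $delegate } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType,
                 InheritanceType -AutoSize
```

With this in place, a compromise of the web process is limited to user objects under the one OU rather than the whole directory.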

