Re: Server 2003 AD, security context APIs, "operations error" ??



Joe Kaplan (MVP - ADSI) wrote:

It sounds to me that you could easily use the server's process identity to
access AD and read this info if the process' account has the rights in AD to
read the data in question. Based on what you said, it sounds like it does.

It does. I will try this, and let folks know how it comes out.
Thanks, Joe!

.



Relevant Pages

  • Re: Prevent changes to Administrator password
    ... What I am trying to do is give Taz1972 some options to minimize the risk or make it harder for a lower-level DA to reset the password for the EA account. ... * This posting is provided "AS IS" with no warranties and confers no rights! ... > By adding the Deny Write Permissions ACE, ... > permission to modify the ACL on AdminSDHolder. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2003 Users vs Software
    ... You need to have both an admin and a limited account ... >> as a limited user, to effect, "the software has not been installed ... The users do not have rights to install programs. ...
    (microsoft.public.security)
  • Re: Incoming E-Mail - cant create contact in OU
    ... already have the application pool delegated rights to the OU. ... In my experience it is because you didn't quite delegate enough rights to ... the account in the OU. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Incoming E-Mail - cant create contact in OU
    ... Go to the OU in security/advanced I added my sharepoint application pool ... that account a little (if the web app is compromised or something, ... Now I understand that you have given the account "full rights" of the OU, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Reboot command no longer works in Task Scheduler
    ... User rights assignment are set with a GPO located under Computer configuration, windows settings, security settings,local policies. ... Check there if the account, even the domain admin has the needed rights. ...
    (microsoft.public.win2000.general)