Re: SID Filtering vs. SIDhistory

From: Eric Fleischman [MSFT] (efleis_at_online.microsoft.com)
Date: 01/28/04

• Next message: Eric Fleischman [MSFT]: "Re: SID Filtering vs. SIDhistory"
• Previous message: Martin Danner: "ASP.NET permissions error on STS-extended website"
• In reply to: Rich Roller: "Re: SID Filtering vs. SIDhistory"
• Next in thread: Alex: "Re: SID Filtering vs. SIDhistory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Jan 2004 09:21:14 -0600

Both adsiedit and ldp let you dig in to the directory and modify just about
anything you want. Although if you tune ad users and computers right you can
get a lot more than you do by default as well.

My tool of choice personally is ldp, but I'm in the minority. Most 'folk who
get in there a lot are using adsiedit. Also, adsiedit from the xp admin pack
or 2003 is a bit better and the UI is a bit nicer for modifying attributes
on a given object.

~Eric

-- 
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Rich Roller" <rich@*REMOVE-THIS*r2c.com> wrote in message
news:egGBKoR5DHA.1936@TK2MSFTNGP12.phx.gbl...
> > tool, but they're actually pretty easy to use. ADSIEdit would
> probably
> > be the simplest. If you want to check to see if there is a SID
> history
> > populated, let me know and I'll walk you through how to do it.
>
> Yeah, why not... thanks.  I'll try to check this next time I'm
> on-site.
>
> Also, should I assume that ADSIedit is powerful/dangerous ala
> RegEdit?
>
> -Rich
>
>

• Next message: Eric Fleischman [MSFT]: "Re: SID Filtering vs. SIDhistory"
• Previous message: Martin Danner: "ASP.NET permissions error on STS-extended website"
• In reply to: Rich Roller: "Re: SID Filtering vs. SIDhistory"
• Next in thread: Alex: "Re: SID Filtering vs. SIDhistory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SID Filtering vs. SIDhistory ... Personally I'm quite loyal to ldp, so I don't use the others a ton. ... > That is because the best tool for VIEWING that info is ADFIND... ... > I actually liked some of the functionality of ADSIEDIT in W2K than in XP ... >> Eric Fleischman ... (microsoft.public.windows.server.security) Re: VBScript to update Computer Description with username and department ... The only way this can be done is by using ADSIEdit to modify the computer ... object permissions in Active Directory to allow them to update whatever ... Just do a search for ADSIEDIT ... (microsoft.public.scripting.vbscript) Re: 2003 AD Object quotas ... and how to overcome with ADSIEDIT ... "Tomasz Onyszko" wrote in message ... >> I was doing a little research on how to set how many computer one user>> can add and I keep on comming across the catch fraise "AD object quotas">> which is available on 2003. ... > Using adsiedit You should modify ms_DS-MachineAccountQuota for the domain ... (microsoft.public.windows.server.active_directory) Re: Mailbox Size ... This is a limitation of the interface. ... You need to use ADSIedit or some ... other tool to modify the values in AD. ... a 2Gb mailbox is enormous ... (microsoft.public.exchange.admin) Re: renamed account shows old alias ... "andy webb" wrote: ... >> legacyExchangeDN in the AD? ... >>> legacyExchangeDN is an AD property that you can modify with adsiedit, ... (microsoft.public.exchange.admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint