
Determine AD attribute can be modified by user

prabinba

Sep 4, 2009, 5:16:05 AM
There is a list of constructed attributes which cannot be modified by us;
only AD manipulates and modifies these constructed attributes.

Similar to constructed attributes, the distinguishedName (DN) attribute also
cannot be modified.

In my application, I need to restrict the user from modifying these types of
AD attributes. For this purpose, I need the list of AD attributes that
cannot be modified. Kindly guide me on how to determine whether a given AD
attribute can be modified or not.

Thanks in advance.

Joe Kaplan

Sep 5, 2009, 12:31:26 PM
In AD, you can use the allowedAttributesEffective constructed attribute to
get a list of the attributes that the user is actually allowed to modify
given their current permissions. Using this might be the best approach to
provide the user with this type of information.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"prabinba" <prab...@discussions.microsoft.com> wrote in message
news:BCA65C5B-7605-4D7C...@microsoft.com...

Richard Mueller [MVP]

Sep 5, 2009, 2:39:25 PM
This works for normal users, but if the user is a member of "Domain Admins"
the list includes all attributes, including distinguishedName and
operational (constructed) attributes.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
"Joe Kaplan" <joseph....@removethis.accenture.com> wrote in message
news:eZYxVZkL...@TK2MSFTNGP03.phx.gbl...
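The two points above (read allowedAttributesEffective, but do not trust it for constructed attributes when the caller is a Domain Admin) can be combined into one check. The following PowerShell is an added example, not code from either poster; the target DN is a constructed placeholder, and the filter relies on the schema fact that an attributeSchema object with bit 0x4 (FLAG_ATTR_IS_CONSTRUCTED) set in systemFlags is a constructed attribute.

```powershell
# Constructed placeholder: replace with the object your application edits.
$targetDn = "CN=Jane Doe,OU=Users,DC=example,DC=com"

# allowedAttributesEffective is itself constructed: it is not returned by a
# plain property read and must be requested explicitly via RefreshCache.
$target = [adsi]"LDAP://$targetDn"
$target.RefreshCache(@("allowedAttributesEffective"))
$effective = @($target.Properties["allowedAttributesEffective"])

# Collect every constructed attribute from the schema partition:
# attributeSchema objects whose systemFlags has bit 0x4 set.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$rootDse  = [adsi]"LDAP://RootDSE"
$schemaNc = $rootDse.Properties["schemaNamingContext"][0]
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [adsi]"LDAP://$schemaNc"
$searcher.Filter = "(&(objectClass=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))"
$searcher.PageSize = 1000
$null = $searcher.PropertiesToLoad.Add("lDAPDisplayName")

$constructed = @{}
foreach ($r in $searcher.FindAll()) {
    $name = $r.Properties["ldapdisplayname"][0].ToString().ToLowerInvariant()
    $constructed[$name] = $true
}

# Drop constructed attributes (which a Domain Admin sees listed anyway) and
# distinguishedName, which is never writable through a modify operation.
$writable = $effective | Where-Object {
    $n = $_.ToString().ToLowerInvariant()
    (-not $constructed.ContainsKey($n)) -and ($n -ne "distinguishedname")
} | Sort-Object

$writable
```

The resulting list covers attribute writes only; control access rights such as a password reset are not reflected in allowedAttributesEffective and need a separate access check.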

JRB

Sep 19, 2009, 8:38:52 PM
Just curious - do you know if allowedAttributesEffective will reveal
whether you have the "reset password" extended right to the target
user and hence can change that user's password without knowing the old
one?

TIA, John

On Sep 6, 4:31 am, "Joe Kaplan"

Joe Kaplan

Sep 20, 2009, 10:06:47 PM
No, it does not do that. There is no easy way to determine that as far as I
know without calling one of the AccessCheck APIs.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"JRB" <jo...@jrbsoftware.com> wrote in message
news:aa5d5f14-d5ee-4966...@t11g2000prh.googlegroups.com...
