I signed up just a few minutes ago, and hope to become a valuable contributor on this forum, however I need your expertise now... so put on your AD Schema hat...
I have an object class "organizationalPerson" and three optional attributes in the class.
I went into adsiedit and edited the security of those 3 LDAP attributes (removed authenticated users and added a new security group).
The goal is to disallow authenticated users from being able to view the 3 attributes -- but without affecting the security of the object class (as other attributes need to be read, I think).
Problem is, even though I set permissions on the 3 attributes in adsiedit.msc, ordinary logged on users can still browse and see the attributes, and their values... Has anyone seen or know of a solution to this?
2003 Native Active Directory
July 20, 2011 12:41 PM
March 31, 2012 8:48 PM