I signed up just a few minutes ago, and hope to become a valuable contributor on this forum, however I need your expertise now... so put on your AD Schema hat...
I have an object class "organizationalPerson" and three optional attributes in the class.
I went into adsiedit and edited the security of those 3 LDAP attributes (removed authenticated users and added a new security group).
The goal is to disallow authenticated users from being able to view the 3 attributes -- but without affecting the security of the object class (as other attributes need to be read, I think).
Problem is, even though I set permissions on the 3 attributes in adsiedit.msc, ordinary logged on users can still browse and see the attributes, and their values... Has anyone seen or know of a solution to this?
Software/Hardware used: 2003 Native Active Directory