Active Directory custom permissions

Our IT department is setting up a new Windows 2003 server with Active Directory for the organisation. We have a custom built CRM solution which runs on PHP under Windows 2003 server + IIS. The CRM has it's own permissions structure using a MySQL database, but I would like to integrate it with the new Active Directory server. In order to do that, I would need to setup custom permissions in Active Directory which could then be accessed (via LDAP) at user authentication and used for the CRM.

1) How can I create custom permissions in Active Directory to be used by the CRM software?

2) If it's not possible to create permissions, is it possible to create custom fields for each user?

Any advice or comments appreciated.
LVL 9
under_dogAsked:
Who is Participating?
 
Kevin HaysIT AnalystCommented:
I would probably try and start out with creating new security groups, using windows authentication/ldap.

I would rather go that route if possible than trying to modify the schema.  Here are some links though.

http://www.petri.co.il/add_additional_attributes_to_user_objects.htm
http://www.petri.co.il/add_user_account_information_to_dsa.htm
http://www.petri.co.il/basic_adsi_scripting.htm
http://www.petri.co.il/editing_additional_attributes_of_user_objects.htm
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.