• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 457
  • Last Modified:

Accessing whencreated attribute of AD via LDAP - permissions issue

I am using an ASP (vb) script to access AD via LDAP to obtain attributes for users to put on a web page.  I want to use the whenCreated and whenChanged attributes to identify new and changed users.

The script I have works perfectly when 'Everyone' is part of the Pre-Windows 2000 Compatible Access built-in group (W2003 server) but not when only 'Domain Users'  is in that group.

Now I'm a  domain user and I can get the script to show my login name etc. but I can't get it to show the whenCreated and whenChanged attributes.

My systems manager and I are reluctant to re-open the security hole associated with Everyon in the Pre-Windows 2000 Compatible Access group - is there a way to fix this?
1 Solution
Mike ThomasConsultantCommented:
Have you tried using the "Authenticated Users" failing that create an account to run the script with that has more permissions maybe..rather than using an open account like "Everyone"
OwenParryAuthor Commented:
Worked a treat - many thanks indeed
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now