OwenParry
asked on
Accessing whencreated attribute of AD via LDAP - permissions issue
I am using an ASP (vb) script to access AD via LDAP to obtain attributes for users to put on a web page. I want to use the whenCreated and whenChanged attributes to identify new and changed users.
The script I have works perfectly when 'Everyone' is part of the Pre-Windows 2000 Compatible Access built-in group (W2003 server) but not when only 'Domain Users' is in that group.
Now I'm a domain user and I can get the script to show my login name etc. but I can't get it to show the whenCreated and whenChanged attributes.
My systems manager and I are reluctant to re-open the security hole associated with Everyon in the Pre-Windows 2000 Compatible Access group - is there a way to fix this?
The script I have works perfectly when 'Everyone' is part of the Pre-Windows 2000 Compatible Access built-in group (W2003 server) but not when only 'Domain Users' is in that group.
Now I'm a domain user and I can get the script to show my login name etc. but I can't get it to show the whenCreated and whenChanged attributes.
My systems manager and I are reluctant to re-open the security hole associated with Everyon in the Pre-Windows 2000 Compatible Access group - is there a way to fix this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER