Solved

Setting the acl on the mail attribute in active directory

Posted on 2014-02-11
1
396 Views
Last Modified: 2014-02-24
Hi guys,  hope you are all well and can help.

We have a need to limit modification of the e-mail address property  (ldap mail attribute) for all users in active directory.

What we need to do is this:
1) Give a group eg.Email admins, full control of all users' email address.
2) Restrict access to all other people eg.limit them to having read only on this mail attribute.

I have tried dsacls with no luck, and in the delegation control wizard, i cannot find this property.

Any help greatly appreciated.

The OU where all the users is is ad follows:

OU=Users,CN=net,CN=company

Thanks everyone.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39853703
Organizational and Recipient Exchange Groups have access to modify these settings by default. Domain Admins by default will have access to this attribute by default as well viewing it/changing it via Active Directory Users and Computer Properties of a specific account. As long as they are not part of either of these groups they should not be able to modify this setting unless you have made custom security groups and delegated control.

Will.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question