Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Setting the acl on the mail attribute in active directory

Posted on 2014-02-11
1
393 Views
Last Modified: 2014-02-24
Hi guys,  hope you are all well and can help.

We have a need to limit modification of the e-mail address property  (ldap mail attribute) for all users in active directory.

What we need to do is this:
1) Give a group eg.Email admins, full control of all users' email address.
2) Restrict access to all other people eg.limit them to having read only on this mail attribute.

I have tried dsacls with no luck, and in the delegation control wizard, i cannot find this property.

Any help greatly appreciated.

The OU where all the users is is ad follows:

OU=Users,CN=net,CN=company

Thanks everyone.
0
Comment
Question by:Simon336697
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39853703
Organizational and Recipient Exchange Groups have access to modify these settings by default. Domain Admins by default will have access to this attribute by default as well viewing it/changing it via Active Directory Users and Computer Properties of a specific account. As long as they are not part of either of these groups they should not be able to modify this setting unless you have made custom security groups and delegated control.

Will.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question