Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Setting the acl on the mail attribute in active directory

Posted on 2014-02-11
1
Medium Priority
?
401 Views
Last Modified: 2014-02-24
Hi guys,  hope you are all well and can help.

We have a need to limit modification of the e-mail address property  (ldap mail attribute) for all users in active directory.

What we need to do is this:
1) Give a group eg.Email admins, full control of all users' email address.
2) Restrict access to all other people eg.limit them to having read only on this mail attribute.

I have tried dsacls with no luck, and in the delegation control wizard, i cannot find this property.

Any help greatly appreciated.

The OU where all the users is is ad follows:

OU=Users,CN=net,CN=company

Thanks everyone.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39853703
Organizational and Recipient Exchange Groups have access to modify these settings by default. Domain Admins by default will have access to this attribute by default as well viewing it/changing it via Active Directory Users and Computer Properties of a specific account. As long as they are not part of either of these groups they should not be able to modify this setting unless you have made custom security groups and delegated control.

Will.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question