
Setting the ACL on the mail attribute in Active Directory

Posted on 2014-02-11
Last Modified: 2014-02-24
Hi guys, hope you are all well and can help.

We have a need to limit modification of the e-mail address property (LDAP mail attribute) for all users in Active Directory.

What we need to do is this:
1) Give a group, e.g. Email admins, full control of all users' email address.
2) Restrict access to all other people, e.g. limit them to having read only on this mail attribute.

I have tried dsacls with no luck, and in the delegation control wizard, I cannot find this property.

Any help greatly appreciated.

The OU where all the users are is as follows:

OU=Users,CN=net,CN=company

Thanks everyone.
Question by:Simon336697
Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39853703
Organizational and Recipient Exchange Groups have access to modify these settings by default. Domain Admins will have access to this attribute by default as well, viewing it/changing it via the Active Directory Users and Computers properties of a specific account. As long as they are not part of either of these groups, they should not be able to modify this setting unless you have made custom security groups and delegated control.

Will.
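One way to do the delegation asked about in the question and then check who can actually write `mail`, as an added example that is not part of the original question or answer. The OU DN, the group name `EXAMPLE\Email admins` and the sample user DN are placeholders, and the script assumes the ActiveDirectory PowerShell module (RSAT) and `dsacls` are available on the admin workstation.

```powershell
# Added example, not from the thread. All names below are placeholders.
Import-Module ActiveDirectory

$OuDn       = 'OU=Users,DC=example,DC=com'   # placeholder OU holding the users
$Group      = 'EXAMPLE\Email admins'         # placeholder delegated group
$SampleUser = "CN=Test User,$OuDn"           # placeholder user object to audit

# 1) Grant Read Property + Write Property on 'mail' only.
#    /I:S = the ACE applies to sub-objects, and the trailing ';user'
#    limits inheritance to user objects below the OU.
dsacls $OuDn /I:S /G "${Group}:RPWP;mail;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# 2) Collect the GUIDs an ACE can carry and still cover 'mail':
#    all properties (empty GUID), the attribute itself, and the
#    property set the attribute belongs to (if it is in one).
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=mail)' `
            -Properties schemaIDGUID, attributeSecurityGUID
$targets = @([guid]::Empty, [guid]$attr.schemaIDGUID)
if ($attr.attributeSecurityGUID) { $targets += [guid]$attr.attributeSecurityGUID }

# 3) List every Allow ACE on the sample user that includes WriteProperty
#    (GenericAll and GenericWrite contain that bit) for one of those GUIDs.
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
(Get-Acl -Path "AD:\$SampleUser").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $write) -eq $write) -and
        ($targets -contains $_.ObjectType)
    } |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited -AutoSize
```

The table from step 3 is the list to review for the "everyone else read only" requirement: any trustee in it besides the delegated group and the built-in administrative groups is an existing delegation that allows changing the address.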