Add Attributes to your Active Directory Schema and Manage ..

Archived from groups: microsoft.public.win2000.active_directory

In case anyone is interested, we wrote a short paper on Active
Directory attributes and their security. The paper shows how to create
a new Active Directory attribute, add it to an existing container (user
class), and configure its security using Active Directory control
access rights.

To perform each of the steps, the paper employs four different
techniques: administration via the GUI, administration via the command
line, scripting using the COM ADSI interfaces in VBScript, and
programming using the DirectoryServices library in Visual Basic .NET.

Add Attributes to your Active Directory Schema and Manage their
Permissions Efficiently
Philippe Lacoude & Rajnish Sinha
Washington, D.C.
April 2005 (Version 1.1)­blic/Attributes.aspx
  1. Archived from groups: microsoft.public.win2000.active_directory

    Without the broken link:
  2. Archived from groups: microsoft.public.win2000.active_directory

    Hi Philippe,

    Thanks for putting up a site, it has good info. However, it does not address
    a situation I am facing:

    When using ADU&Cs, I would like to see an extended permission/task list in
    ACL dialog box for a customized object in the schema. Currently it shows
    Read, List, Modify, Delete etc. for most objects. I would like to append the
    above permission list with new permissions like: clear log, send alert etc.

    So far, I have tried this:
    Yes, I tried to add a new control-access-right (CAR) in the schema by doing:

    > Dn: CN=myperm,CN=Extended-Rights,CN=Configuration,DC=xx,DC=com
    > changetype: add
    > cn: myperm
    > rightsGuid: 36BB01B9-AFC0-4972-94C4-82275B949401
    > objectClass: controlAccessRight
    > appliesTo: 5e0ad683-eb2c-4675-9e94-aff90f69af7f
    > #showInAdvancedViewOnly: TRUE
    > validAccesses: 256

    and gave it the schemaIDGUID of the object I want to apply this CAR
    to. Also made a modification in the c:\windows\system32\dssec.dat file. But
    with this approach, depending on the value entered in the dssec.dat for the
    it displays either as "read myperm" or "write myperm" (read/write
    getting prefixed to my CAR). So, in my I would be getting "read clear
    log file" but I need "clear log file" instead.

    Any comments on what's wrong?

    Much thanks.

    "Philippe Lacoude" wrote:

    > Without the broken link:
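
A small offline check for an entry like the one quoted in the post above, added here as an example (not code from the thread or from the paper): it parses the LDIF and decodes `validAccesses` into its access-mask bits, where 256 marks an extended right, 48 a property set and 8 a validated write. The function names `parse_entry` and `review_car` are made up for this example, and the sample input is the entry as posted.

```python
import re

# Access-mask bits (ADS_RIGHTS_ENUM) that can appear in validAccesses.
ADS_RIGHTS = {0x008: "ADS_RIGHT_DS_SELF", 0x010: "ADS_RIGHT_DS_READ_PROP",
              0x020: "ADS_RIGHT_DS_WRITE_PROP", 0x100: "ADS_RIGHT_DS_CONTROL_ACCESS"}
# What kind of controlAccessRight each documented validAccesses value denotes.
KINDS = {0x100: "extended right", 0x030: "property set", 0x008: "validated write"}
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample: the entry quoted in the post, forum quoting removed.
SAMPLE_LDIF = """\
dn: CN=myperm,CN=Extended-Rights,CN=Configuration,DC=xx,DC=com
changetype: add
cn: myperm
rightsGuid: 36BB01B9-AFC0-4972-94C4-82275B949401
objectClass: controlAccessRight
appliesTo: 5e0ad683-eb2c-4675-9e94-aff90f69af7f
#showInAdvancedViewOnly: TRUE
validAccesses: 256
"""

def parse_entry(ldif):
    """Parse one LDIF entry (no folded or base64 lines) into {attr: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and LDIF comments carry no attribute
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def review_car(entry):
    """Return (kind, flag names, problems) for a controlAccessRight entry."""
    problems = []
    if "controlaccessright" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("objectClass is not controlAccessRight")
    for attr in ("rightsguid", "appliesto"):
        values = entry.get(attr, [])
        if not values:
            problems.append(f"{attr} is missing")
        problems += [f"{attr} is not a GUID: {v}" for v in values if not GUID_RE.match(v)]
    raw = entry.get("validaccesses", [""])[0]
    mask = int(raw) if raw.isdigit() else 0
    flags = [name for bit, name in sorted(ADS_RIGHTS.items()) if mask & bit]
    kind = KINDS.get(mask, "unrecognized")
    if kind == "unrecognized":
        problems.append(f"validAccesses {raw!r} is not 256, 48 or 8")
    return kind, flags, problems

if __name__ == "__main__":
    print(review_car(parse_entry(SAMPLE_LDIF)))
```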