Home
ASP.NET Forums » Data Access » Active Directory and LDAP » AD - users and permissions - help needed

AD - users and permissions - help needed

Last post 05-07-2008 7:34 AM by jeff7. 4 replies.

Sort Posts:

  • AD - users and permissions - help needed

    05-07-2008, 4:58 AM
    • Loading...
    • jeff7
    • Joined on 05-07-2008, 4:40 AM
    • Posts 3

    Hi :)

    Need to create two users with granted permissions:

    First user can create/delete/edit GROUPS, but cannot add any members for any GROUPS.

    Second user can create/delete/edit USERS and can insert/delete USERS in any GROUPS, but cannot delete/create/edit any GROUPS properties and GROUPS at whole.

    Possible mission?:)

    Thanks. 

    p.s. sorry :) for bad english. but help needed :)

  • Re: AD - users and permissions - help needed

    05-07-2008, 5:48 AM
    • Loading...
    • naspinski
    • Joined on 04-25-2008, 1:12 PM
    • Posts 13

    Why don't you just do this through 'AD Users and Computers'?

  • Re: AD - users and permissions - help needed

    05-07-2008, 6:27 AM
    • Loading...
    • jeff7
    • Joined on 05-07-2008, 4:40 AM
    • Posts 3

    Im AD newbie(7day), i dont understand what options need to turn it On for take that actions.

    I can access to Group Policy Object Editor:

     Default Domain Controllers Policy[blablabla]->Computer Configuration->Windows Settings->Security Settings->Local Policies->User Rights Assignments --- And there set some options;

    Or I need to do changes in 'AD Users and Computers' ->Domain ->Users-> There set user or group (properties)-> set Security tab -> Group or User names: For example, Account Manager(group) and press button "Advanced" for more Features -> tab Permissions and there put needed permissions?:) ... If needle Group is memberOf other Group with more allowed permissions... how this work i dont understand. :) Help me.

    Which features answer for my first reply question?:) What Group or User names i must set for grant thats features?
     

  • Re: AD - users and permissions - help needed

    05-07-2008, 6:36 AM
    • Loading...
    • johram
    • Joined on 06-13-2006, 6:36 AM
    • Sweden
    • Posts 1,865
    • Moderator

    You will need to modify the Access Control List (ACL) of the user object. Unfortunately, this is not very well documented for .net. I would recommend you to get your hands on the "bible" The .NET Devloper's Guide to Directory Services Programming by Kaplan/Dunn. If you look in chapter 8, it is explained how you can modify security descriptors.

    Here's an article on CodeProject that explains the basic theory for retrieving ACLs from Active Directory: Access Control List in C# 2.0

    Classes involved are ActiveDirectorySecurity and ActiveDirectoryAccessRule.

    [Edit: My suggestions apply if you want to solve this in code. Otherwise you can do the changes directly in AD Users & Computers.]

     

    If this post was useful to you, please mark it as answer. Thank you!

  • Re: AD - users and permissions - help needed

    05-07-2008, 7:34 AM
    • Loading...
    • jeff7
    • Joined on 05-07-2008, 4:40 AM
    • Posts 3

    Thanks, johram.

    But i want do the changes directly in AD Users & Computers.

    Have no money for that book, have no time. :)

    p.s. I m waiting :)) mega hero who help me... Press here. and here. and then here... that all i need. :)
Page 1 of 1 (5 items)
RSS Available

Advertise on ASP.NET

About this Site