How To Give Read Access to Confidential Attribute To Non-Admin User

-

hello,

trying give service account user access confidential attribute (in our case, made drink attribute confidential) on our windows 2008 r2 ad instance. not want give user admin rights view it. technet articles i've found on subject suggest using dsacls command accomplish this. tried on our development environment, , worked!  then tried on production environment , didn't work. did not see difference between output when ran command on dev vs. production. here's output :

==============================

c:\windows\system32>dsacls "cn=admin,dc=example,dc=com" /g domain\user:ca;drink

.....

allow domain\user                special access drink
                                      control access

.....

command completed successfully

c:\windows\system32>

==============================

there's difference between production , dev environments. wasn't 1 set them not sure are. don't expect know either. looking for, however, list of things check causing user not able read drink attribute. appreciate help. let me know if need more information.

thanks!


i kept reading user needs read property permission (although didn't need add in our dev environment). able give rights, rights didn't translate user being able view drink attribute. permissions stand @ :

allow domain\user                special access drink
                                      control access
allow domain\user                special access drink
                                      read property




Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more