We have a new tool that our users can use to reset their passwords. It includes security questions. The answers to the questions are stored (encrypted) in extensionAttribute1, 2, and 3. Right now, all users can view these attributes for any user. How do I set it so that the attributes are not readable by everyone? Thanks. John
jlindley9@gmail.com wrote:
> We have a new tool that our users can use to reset their passwords.
> It includes security questions. The answers to the questions are
> stored (encrypted) in extensionAttribute1, 2, and 3. Right now, all
> users can view these attributes for any user. How do I set it so that
> the attributes are not readable by everyone? Thanks.

You set permissions on the attributes for the objects. You do this by adding Access Control Entries to the ACL for the object, but masking the entries with a property flag (ADS_RIGHT_DS_WRITE_PROP etc.) and specifying the GUID for the relevant attribute you're changing the permission on as the ObjectType.

http://msdn2.microsoft.com/en-us/library/aa705951(VS.85).aspx

ADSI Edit is a useful tool while developing the code to do this.
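The approach described in the answer above, as an added example that is not part of the original thread: a PowerShell sketch that adds deny ACEs for the read-property right (ADS_RIGHT_DS_READ_PROP, exposed in .NET as `ActiveDirectoryRights.ReadProperty`), scoped to each attribute by using its schemaIDGUID as the ObjectType. The function names, the OU distinguished name and the trustee group are hypothetical placeholders, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example. Requires the ActiveDirectory module and rights to modify the target's ACL.
Import-Module ActiveDirectory

# Look up an attribute's (or class's) schemaIDGUID instead of hardcoding it.
function Get-SchemaGuid {
    param([Parameter(Mandatory)][string]$LdapDisplayName)
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    if (-not $obj) { throw "No schema object named '$LdapDisplayName'" }
    New-Object Guid (,[byte[]]$obj.schemaIDGUID)
}

# Add one deny-read ACE per attribute on $TargetDN, inherited by descendant user objects.
function Add-DenyReadProperty {
    param(
        [Parameter(Mandatory)][string]$TargetDN,     # OU or container holding the users
        [Parameter(Mandatory)][string]$Trustee,      # group that must not read the attributes
        [Parameter(Mandatory)][string[]]$Attributes  # lDAPDisplayName of each attribute
    )
    $sid = (New-Object System.Security.Principal.NTAccount($Trustee)).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $userClass = Get-SchemaGuid 'user'
    $path = "AD:\$TargetDN"
    $acl  = Get-Acl -Path $path
    foreach ($attr in $Attributes) {
        $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $sid,
            [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty,
            [System.Security.AccessControl.AccessControlType]::Deny,
            (Get-SchemaGuid $attr),   # ObjectType: the attribute the ACE applies to
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
            $userClass)               # InheritedObjectType: only user objects inherit it
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
}

# Placeholder values; substitute your own OU and group before running.
# Add-DenyReadProperty -TargetDN 'OU=Staff,DC=example,DC=com' `
#     -Trustee 'EXAMPLE\All-Staff' `
#     -Attributes 'extensionAttribute1','extensionAttribute2','extensionAttribute3'

# Review the result: list the deny ACEs now present on the OU.
# (Get-Acl 'AD:\OU=Staff,DC=example,DC=com').Access |
#     Where-Object { $_.AccessControlType -eq 'Deny' } |
#     Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType
```

A deny ACE applies to every member of the trustee group, so the account the reset tool runs under must not be a member of it. Test against a lab OU first and confirm the ACEs in ADSI Edit.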