Rowland Penny
2021-Jul-21 17:43 UTC
[Samba] How to create an user with isCriticalSystemObject or/and showInAdvancedViewOnly
On Wed, 2021-07-21 at 17:29 +0000, * Neustradamus * wrote:> I would like to hide an account at creation with > isCriticalSystemObject or/and showInAdvancedViewOnly. > > If the command does not exist, maybe time to add? > > For security reasons... >I am fairly sure you cannot hide an individual AD object, I believe you can stop a user from seeing certain AD objects, but you would have to do this for every user. It also wouldn't stop anyone on a Unix domain member (at least) from searching for them with ldap tools (ldapsearch etc) Rowland
* Neustradamus *
2021-Jul-21 17:53 UTC
[Samba] How to create an user with isCriticalSystemObject or/and showInAdvancedViewOnly
The user has all rights in the AD and this account is showed in all Address Book. Other accounts and groups with "isCriticalSystemObject=TRUE" OR "showInAdvancedViewOnly=TRUE" are hidden. How I can do to this AD admin account? ________________________________________ From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org> Sent: Wednesday, July 21, 2021 19:43 To: sambalist Subject: Re: [Samba] How to create an user with isCriticalSystemObject or/and showInAdvancedViewOnly On Wed, 2021-07-21 at 17:29 +0000, * Neustradamus * wrote:> I would like to hide an account at creation with > isCriticalSystemObject or/and showInAdvancedViewOnly. > > If the command does not exist, maybe time to add? > > For security reasons... >I am fairly sure you cannot hide an individual AD object, I believe you can stop a user from seeing certain AD objects, but you would have to do this for every user. It also wouldn't stop anyone on a Unix domain member (at least) from searching for them with ldap tools (ldapsearch etc) Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba