Information Technology Reference
In-Depth Information
Delete Tree
Deletes an OU and the objects within it
List Contents
Views objects within an OU
List Object
Views a list of the objects within an OU
Read
Views properties of an object (such as a username)
Write
Modifies properties of an object
Using ACLs and ACEs
Each object in Active Directory has an access control list (ACL) . The ACL is a list of user
accounts and groups that are allowed to access the resource. For each ACL, there is an
access control entry (ACE) that defines what a user or a group can actually do with the
resource. Deny permissions are always listed first. This means that if users have Deny
permissions through user or group membership, they will not be allowed to access the
object, even if they have explicit Allow permissions through other user or group permissions.
Figure 7.7 shows an ACL for the Sales OU.
figure 7.7
The ACL for an OU named Sales
The Security tab is enabled only if you selected the Advanced Features
option from the View menu in the Active Directory Users and Computers
tool.
 
Search WWH ::




Custom Search