From LedHed's Wiki
Jump to: navigation, search

Overview

AD doesn't display all of the LDAP attributes that are available. If you want to make use of one of these attributes and need to set permissions on them, you'll find that they are not shown. Below are the steps to display these hidden attributes so that you can make permissions changes.


How to enable view of hidden attributes

Open %systemroot%\System32\dssec.dat with Notepad.exe run as Administrator.
Search for the attribute you want to make visible.
Set its value as follows:
0 = Show Read & Write
1 = Show Write
2 = Show Read
7 = Hidden


Notes

I recommend doing this on a workstation with the Remote Administrator Tools (RSAT) tools installed. You don't want to make changes to windows system files on Domain Controllers.


References

http://social.technet.microsoft.com/wiki/contents/articles/20746.how-to-allow-the-delegation-of-filtered-properties-in-active-directory-users-and-computers.aspx

Retrieved from "http://wiki.ledhed.net/index.php?title=AD_Hidden_Attributes&oldid=3303"