From LedHed's Wiki
Jump to: navigation, search
 
Line 8: Line 8:
 
Search for the attribute you want to make visible. <br>
 
Search for the attribute you want to make visible. <br>
 
Set its value as follows: <br>
 
Set its value as follows: <br>
0 = Show Read & Write
+
0 = Show Read & Write <br>
1 = Show Write
+
1 = Show Write <br>
2 = Show Read
+
2 = Show Read <br>
7 = Hidden
+
7 = Hidden <br>
  
  

Latest revision as of 00:58, 17 March 2016

Overview

AD doesn't display all of the LDAP attributes that are available. If you want to make use of one of these attributes and need to set permissions on them, you'll find that they are not shown. Below are the steps to display these hidden attributes so that you can make permissions changes.


How to enable view of hidden attributes

Open %systemroot%\System32\dssec.dat with Notepad.exe run as Administrator.
Search for the attribute you want to make visible.
Set its value as follows:
0 = Show Read & Write
1 = Show Write
2 = Show Read
7 = Hidden


Notes

I recommend doing this on a workstation with the Remote Administrator Tools (RSAT) tools installed. You don't want to make changes to windows system files on Domain Controllers.


References

http://social.technet.microsoft.com/wiki/contents/articles/20746.how-to-allow-the-delegation-of-filtered-properties-in-active-directory-users-and-computers.aspx