Sounds like you want list object mode in AD.
By default, AD does not restrict listing objects in the directory. In a
traditional deployment such as for an enterprise, allowing users to list and
read the contents of the directory is normal and expected. However, because
there are stringent requirements for isolating subscriber information in a
shared directory, you need to perform a extra steps to prevent users from
reading or listing the contents of the parts of the directory each user
should not be able to access, to do this you set List Object Mode.
In order to do that you manually change the dsHeuristics value to 001 with
ADSI Edit or via the script below.
<snip>
Set oRootDSE = GetObject("LDAP://RootDSE")
configObjectDN = "LDAP://CN=Directory Service,CN=Windows NT,CN=Services,"
configObjectDN = configObjectDN & RootDSE.Get("configurationNamingContext")
Set configObject = GetObject(configObjectDN)
GetHeuristics
WScript.Echo "old heuristics: " & heuristics
newHeuristics = Left(heuristics, 2)
newHeuristics = newHeuristics & Left("00", 2-Len(newHeuristics))
newHeuristics = newHeuristics & "1"
WScript.Echo "new heuristics: " & newheuristics
If Len(heuristics) > 3 Then
newHeuristics = newHeuristics & Right(heuristics, Len(heuristics)-3)
End If
' WScript.Echo "new heuristics: " & newHeuristics
configObject.Put "dSHeuristics", newHeuristics
configObject.SetInfo
Sub GetHeuristics
On Error Resume Next
heuristics = configObject.Get("dSHeuristics")
If Err Then
If Err.Number = &H8000500D Then
' no error -- the dSHeuristics attribute was just unset
heuristics = ""
Else
WScript.Echo Err.Description
WScript.Quit(1)
End If
End If
End Sub
<snip>
See the Shared Web Hosting Guide for more information.
Regards,
/Jimmy
