|
Thank you ShaneEP for the extra help, I will try it.
I should have explained the whole purpose of what I am trying to achieve:
I want a number of different regular users to do certain actions in the Active Directory, but without giving them any permissions and explaining the DO's and DONT's.
So I build a front-end with KIX, which ask questions, validate the answers, and then generates the command file to be performed.
This allows a structured and controlled way of allowing this type of action; we feel it answers our needs for simple delegation and security.
Then the command file is copied to a folder where it is triggered for execution by an elevated domain account.
The command file is validated prior to execution, and an audit trail is kept.
I have, in the user front-end, some security validation, such as is the user allowed to perform this action on the destination account, does the destination account exist, etc.
So basically I have broken in 2 different parts the whole process, without giving regular user permissions in the Active Directory, plus the user is happy to just answer a few questions.
The process works no problem when the CN doesn't have special characters, like é, è, ç etc.
I might look at this from the wrong angle, and am very open to look at other ways of doing it, I just need the guidance.
Edited by marvince (2011-09-18 04:51 AM)
| 
