none
Managed by attribute usage RRS feed

  • Question

  • Hi,

    Please help me to understand the usage of "Managed by" attribute. If we right click -properties of Group / computers there we can see the attribute called "Managed By".


    Thursday, August 15, 2019 1:11 AM

Answers

  • Hi,

    Have a good day!

    Thanks for your question.

    You can use AD "Managed By" attribute to save the guardian information of a group or computer object. 

    When you make the change in Active Directory Users and Computers, AD sets the value of managedBy on the group object to be the distinguished name (DN) of guardian's account. Note that when setting the Managed By value, you have the option to select Manager can update membership list. If you want only to assign guardianship for informational purposes, then you probably don’t want to select the option, but it otherwise provides a shortcut method of assigning delegated management of the group membership to the guardian. 

    Also aduser has "managedobjects" attribute, it will save the DN of the managed group or computer object.

    As far as I know, if you don't choose "manager can update membership list" option, this attribute only used to assign guardianship for informational purposes.


    Best regards,

    Lee


    Just do it.

    • Marked as answer by mcsebala Friday, August 16, 2019 5:29 AM
    Thursday, August 15, 2019 3:26 AM
    Moderator
  • Thank you for the response
    • Marked as answer by mcsebala Friday, August 16, 2019 5:29 AM
    Friday, August 16, 2019 5:29 AM

All replies

  • Hi,

    Have a good day!

    Thanks for your question.

    You can use AD "Managed By" attribute to save the guardian information of a group or computer object. 

    When you make the change in Active Directory Users and Computers, AD sets the value of managedBy on the group object to be the distinguished name (DN) of guardian's account. Note that when setting the Managed By value, you have the option to select Manager can update membership list. If you want only to assign guardianship for informational purposes, then you probably don’t want to select the option, but it otherwise provides a shortcut method of assigning delegated management of the group membership to the guardian. 

    Also aduser has "managedobjects" attribute, it will save the DN of the managed group or computer object.

    As far as I know, if you don't choose "manager can update membership list" option, this attribute only used to assign guardianship for informational purposes.


    Best regards,

    Lee


    Just do it.

    • Marked as answer by mcsebala Friday, August 16, 2019 5:29 AM
    Thursday, August 15, 2019 3:26 AM
    Moderator
  • Thank you for the response
    • Marked as answer by mcsebala Friday, August 16, 2019 5:29 AM
    Friday, August 16, 2019 5:29 AM