Article ID: 943100 - Last Review: November 14, 2007 - Revision: 1.3
How to set restrictions on a site collection to allow only users in a particular organizational unit on a computer that is running the 2007 Office servers Service Pack 1
INTRODUCTION
This article describes how to set restrictions on a site
collection on a computer that is running the 2007 Microsoft Office servers Service Pack 1 (SP1). The article discusses how to allow access only for
users in a particular organizational unit (OU).
MORE INFORMATION
Administrators can use the stsadm.exe
command to set restrictions on a site collection to
allow access only for users in a particular OU. To do this, follow these steps:
To enable the administrator to manage the site collection, type the following at the command prompt, and then press ENTER:
To see the list of allowed administrator directory paths, type the following at the command prompt, and then press ENTER:
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type the following command, and then
press ENTER: cd /d %programfiles% \Common Files\Microsoft Shared\Web Server Extensions\12\BIN
- At the command prompt, type the following command, and then
press ENTER: stsadm.exe –o setsiteuseraccountdirectorypath –url site collection url -path OU pathFor example, type the following at the command prompt:setsiteuseraccountdirectorypath –url http://server/sites/s1 -path "OU=MSCRM,DC=redmond,DC=corp,DC=microsoft,DC=com"Note The path will be the full distinguished name of the OU. The command will set the restrictions to allow only users under "OU=MSCRM,DC=redmond,DC=corp,DC=microsoft,DC=com" to be added to the site collection http://server/sites/s1.
stsadm.exe –o getsiteuseraccountdirectorypath –url
site collection url
When the
administrator uses the Stsadm.exe tool or another management tool to manage the
site collection, the administrator will be added as a user to the site
collection. The command in step 3 will block the administrator from managing
the site collection if the administrator does not belong to the OU. To enable the administrator to manage the site collection, type the following at the command prompt, and then press ENTER:
stsadm.exe -o setproperty -url
webappurl -pn
"peoplepicker-serviceaccountdirectorypaths" -pv
paths
Note In this command, paths is a placeholder for a semicolon-separated list of
distinguished names.To see the list of allowed administrator directory paths, type the following at the command prompt, and then press ENTER:
stsadm.exe -o getproperty -url
webappurl -pn
"peoplepicker-serviceaccountdirectorypaths"
Note: This article is from Microsoft Knowledage Base
How we have helped PC users like you
In the News: Read More In ...
Related problems posted by other users | |
| more... |