Hi all,
I would like that one account can only see the user attributes below
- userAccountControl
- name
- displayName
- cn
- SamAccountName
- ProxyAddresses
- objectSID
- objectGUID
- I've use DACLS to restrict the rights to all other attributes but evenif I see the ACL with Denied, I can always see the attribute.
dsacls "CN=blot,OU=internalriv" /D lbpy@priv:RPWP;"displayName";user /I:S
If as first step I denied all attributes and allow the attributes, I can't see any of them.
Tanks in advance.