No announcement yet.

All Users

  • Filter
  • Time
  • Show
Clear All
new posts

  • All Users

    I have observed that when I used Hyena to open "All Users", I am unable to view all users in the AD. The only users that are displayed seem to be those of administrators.
    However, I am able to see all users under the "Domain Users". This observation was made using an ordinary domain account. Pls note that if a domain administrator's acct is used, I don't encounter this behaviour.
    Is Hyena behaving as documented or is there some setting in AD that is required or shd certain rights be given to the acct that is being used? Thanks.

  • #2
    Re: All Users

    This isn't the normal behavior, but Hyena does not have control over what Active Directory elements get displayed.

    I'm not 100% certain, but Windows 2000 probably behaves much like NT, in that it will display general user information even for a normal domain user account. But you can change this behavior.

    When you view the All Users object in Hyena, Hyena makes a request to Active Directory to get all user accounts. Active Directory, in turn, will return only information that the active user's running Hyena security settings will allow them to see. Effectively, Active Directory 'hides' information from applications (Hyena) that they are not allowed to see.

    There also isn't any setting in Hyena to only view certain types of users accounts. The All Users object is hard-coded to show all users, regardless of their location, but of course, is still subject to being controlled by AD security.

    The only thing that I can think of, and this is a long shot, is if you have put all of your admin accounts into their own OU, and have setup security on this OU to allow everyone to view its contents (read all attributes), and secured all other OUs/Containers to not allow non-admins to view the contents.

    To check the security on an OU or user account, either:

    - Run the ADU&C MMC snapin and select the object, click on Security, and view the settings.

    - Subscribe to our Hyena beta list by sending an email to [email protected] and get the beta, which lets you view the security information in Hyena.

    Let me know what you find as this is a strange problem.
    Kevin Stanush
    SystemTools Software Inc.


    • #3
      Re: All Users

      Thanks to your valuable feedback, I was able to find the cause of the problem. Apparently, the users who were visible were part of the 'Builtin' OU. When compared to a user who is invisible, we found that the difference was having read access for 'Pre-Windows 2000 Compatibilty Access'. It worked fine when we tested a previously invisible user acct. I've found that this 'Pre-Win2k ..' object exist under the Builtin OU, but when I clicked on 'Members', it shows '\Everyone'. Is this correct? Thanks.