In the 3.6.1 AD driver docs, there is now a section on changing
permissions on Deleted Objects.
It is a straight rip from the MS doc:
The Novell doc link is:
So, I have never seen that before, and never had to do it.
We are trying with to do this on a 2003 domain, and we cannot find the
CN=Deleted Objects,DC=Doman,DC=com object even when logged in as an
admin who should have rights.
Also, the dsacls.exe we are using does not have the /takeownership flag
Whatzzup with all this? Anyone know?
Is it necessary? When? Why?