User account not shown in Active Directory unless Advanced Mode enabled - Cisco Unity is the Culprit

04/18/11

08:56:31 am, by Fred Parks
Categories: General Security, Systems Security Management

I recently ran into a situation where certain users in Active Directory were just not showing up for some administrators while other admins could see them just fine. Upon further investigation, it became evident that if the Advanced Mode of Active Directory Users and Computers was not enabled, the user accounts were hidden. Using the Attribute Editor tab of the user's account, I took a look at the attribute "showInAdvancedViewOnly" and, sure enough, the setting was enabled.

Cisco Unity was installed in this environment, and the users that were not showing up in AD also happened to have the setting "Show subscriber in email server address book" unchecked in Unity. Unity was making the intended change of removing the user from the address book, but it was also setting the attribute "showInAdvancedViewOnly" on the account.

If you experience the same issue, the workaround is simple. Edit the attribute "showInAdvancedViewOnly" on the user's account using either the built-in Attribute Editor tab of the user account page (if you have AD 2008) or a tool like ADSI Edit or LDP.exe.
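
To find every affected account at once instead of checking users one by one, the same attribute can be queried over LDAP. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the function names `Get-HiddenADUser` and `Reset-HiddenADUser` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# List user objects that are hidden from the default ADUC view
# because showInAdvancedViewOnly is TRUE.
function Get-HiddenADUser {
    [CmdletBinding()]
    param(
        # Optional OU/container DN to limit the search (assumption: whole domain if omitted)
        [string]$SearchBase
    )
    $query = @{
        LDAPFilter = '(showInAdvancedViewOnly=TRUE)'
        Properties = 'showInAdvancedViewOnly', 'whenChanged'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query |
        Select-Object SamAccountName, DistinguishedName, showInAdvancedViewOnly, whenChanged
}

# Set showInAdvancedViewOnly back to FALSE on the accounts piped in.
# Supports -WhatIf / -Confirm so the change can be previewed first.
function Reset-HiddenADUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$DistinguishedName
    )
    process {
        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Set showInAdvancedViewOnly to FALSE')) {
            Set-ADUser -Identity $DistinguishedName -Replace @{ showInAdvancedViewOnly = $false }
        }
    }
}

# Review the hidden accounts, then preview the change without applying it.
Get-HiddenADUser | Format-Table -AutoSize
Get-HiddenADUser | Reset-HiddenADUser -WhatIf
```

Remove `-WhatIf` from the last line to apply the change once the list has been reviewed.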

Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.
