I need to change all user accounts so that user dial-in rights are
controlled through remote access policy. I've discovered that the "Allow
access" and "Deny access" conditions are controlled by setting the attribute
msNPAllowDialin to TRUE or FALSE. However, it appears that the option for
remote access policy is controlled by the absence of this attribute.

I exported the AD with the command:

ldifde -f Exportuser.ldf -s <Servername> -d "dc=mydomain,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName,msNPAllowDialin"

and I get something like

dn: CN=Bob Smedley,OU=Users,OU=_CSD,DC=mydomain,DC=engr
changetype: add
cn: Bob Smedley
givenName: Bob
msNPAllowDialin: TRUE
objectClass: user
sAMAccountName: RSmedley

Some of my users have the msNPAllowDialin attribute set to TRUE. Others have
it set to FALSE. Others don't have it at all.

My question: how would I need to change the above LDF data to set dial-in
rights to "Control with remote access policy"?

Thanks
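
One way to build the change file, as an added example that is not part of the original post: it relies on the post's observation that the policy-controlled state is the absence of msNPAllowDialin, so each entry that carries the attribute gets a modify record deleting it. The function names and the sample export (constructed in the shape shown above, with one folded line) are assumptions.

```python
# Constructed sample in the shape of the export shown in the post.
SAMPLE_EXPORT = """\
dn: CN=Bob Smedley,OU=Users,OU=_CSD,DC=mydomain,DC=engr
changetype: add
cn: Bob Smedley
msNPAllowDialin: TRUE
sAMAccountName: RSmedley

dn: CN=Ann Example,OU=Users,OU=_CSD,DC=mydomain,DC=engr
changetype: add
cn: Ann Example
sAMAccountName: AExample

dn: CN=Cy Example,OU=Users,OU=_CSD,
 DC=mydomain,DC=engr
changetype: add
msNPAllowDialin: FALSE
sAMAccountName: CExample
"""


def parse_records(text):
    """Split LDIF text into records, unfolding continuation lines."""
    records, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue                     # LDIF comment line
        if line.startswith(" ") and current:
            current[-1] += line[1:]      # folded line: join to previous
        elif line.strip():
            current.append(line)
        elif current:                    # blank line ends the record
            records.append(current)
            current = []
    return records


def build_clear_ldif(export_text, attr="msNPAllowDialin"):
    """Emit a modify/delete record for each entry that has attr."""
    out = []
    for rec in parse_records(export_text):
        dn = next((l for l in rec if l.lower().startswith("dn:")), None)
        names = {l.split(":", 1)[0].strip().lower() for l in rec}
        # Entries without the attribute are skipped: deleting a missing
        # attribute makes the LDAP modify fail.
        if dn and attr.lower() in names:
            out.append(f"{dn}\nchangetype: modify\ndelete: {attr}\n-\n")
    return "\n".join(out)
```

Write the returned text to a file and import it with `ldifde -i -f <file>`; the `-` line closes each modify operation and the blank line separates records.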