Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Anyone using Active Directory as sole (enterprise) directory server?
It is my understanding though that the standard attributes (cn and the like) cannot be marked confidential and so are visible to all authenticated users. You could try to use only custom attributes but then most AD-centric products would fail to work because they expect the standard attributes. Managing the AD itself would also become problematic because Microsoft's tools expect you to use the standard attributes. It appears to me that AD remains incapable of properly supporting FERPA requirements and confidentiality requests. I'd love to be proven wrong about this because we do have to support AD for Office365 and several AD-centric products and I am hesitant to support putting more of our enterprise identity data into AD because of this. Regards, Brendan Bellina USC