In our LinkedIn User Group, we had a customer ask if GroupID could set the Max Send Size on messages to a group. What they are doing is delegating control of groups to their users but want to maintain control. So they have implemented the appropriate amount of workflow (on group creation, on join requests, etc). But they also need to keep settings like these that they used to do in (Active Directory Users & Computers) ADUC.
Of course, this is exactly why you have Active Directory self service, to give control to end users without giving them too much control. With a properly implemented web based frontend to AD, you can expose anything in Active Directory. And with a strong set of controls, limit what can be done. So, for their specific request, the answer is yes.
The AD attribute is called delivContLength (while the ugly MS display name is ms-Exch-Deliv-Cont-Length) and it accepts integer values. A null value in delivContLength means that there is no message size limit and this is where it usually defaults.
You can add this attribute in the AD self service portal as a plain text box or a dropdown with kilobyte values like: 512, 1024, 2048, etc. By creating the dropdown, you eliminate the possiblity of someone leaving it blank or worse yet adding some extra zeroes at the end. In fact, you could even place a workflow on the field so any changes would have to be approved by a manager, helpdesk or administrator.
Here’s a screenshot of how to set it:
Here’s a screenshot of what it looks like in the AD group properties in Self-Service:
This was a pretty simple example of what can be done with a properly constituted Active Directory self service portal but illustrates why you need to have control. There is a reason you don’t open up ADUC to end users — they will cause havoc. But if you can open the functionality that you need them to have while retaining the control you need to have, you get the best of both worlds.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.