Solved

Enable a user to only change certain items in AD

Posted on 2001-06-13
Last Modified: 2010-04-13
We are running Win 2k server w/ Exchange 2k.  I need to enable the HR Mgr to edit personal info in the properties of each user so that it shows up in the Global Address List.  Is there a way to allow the HR Mgr to edit info in certain tabs of the user's properties?  I would prefer not to give this person Account Operator permissions.  An example is this:

I create a new user named Jane Doe.  The HR Mgr now needs to enter Jane's info for address, telephones, organization in the corresponding tabs in AD Users.  The HR Mgr should not be able to edit any other tabs.

Thanks.
Question by:robinsonbpc
4 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 800 total points
ID: 6186211
That's a tricky problem.  I don't think you can selectively limit certain fields in the User Manager.  It's an all-or-nothing proposition.  (Of course if there _is_ a way, I'm sure someone will point it out....)

I've seen this approached, however, using the following technique.  You need to use a SERVICE (and you probably need to either write one or get someone to write one) so that you have an application that runs with sufficient privilege on the machine to make the changes to the user account database.  The service either talks to the account management functions directly or uses one of the command line utils that modify user accounts to update the accounts.  Then you provide a user interface program that your HR guy can run that talks to the service.  The service only accepts certain requests from the user interface and so it only permits allowed operations.

It's a bit of work but I think this is the best way to accomplish this.
0
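The request-filtering core of a service like the one described in the accepted answer, as an added example that is not part of the original thread or anyone's production code. It assumes a hypothetical HR account `CORP\hrmgr`, uses an in-memory dict in place of the privileged directory write, and picks a few standard AD attribute names for the Address, Telephones and Organization tabs.

```python
"""Request filter for a privileged directory-update service (added illustration)."""
import re

# Attributes the HR role may write, grouped by the AD Users tab they appear on.
# The names are standard AD LDAP attributes; the selection is this example's choice.
HR_WRITABLE = {
    "Address": {"streetAddress", "l", "st", "postalCode"},
    "Telephones": {"telephoneNumber", "homePhone", "mobile"},
    "Organization": {"title", "department", "company"},
}
ALLOWED = set().union(*HR_WRITABLE.values())
AUTHORIZED_CALLERS = {"CORP\\hrmgr"}  # hypothetical account name
SAFE_VALUE = re.compile(r"[^\x00-\x1f\x7f]{0,256}")  # no control chars, bounded length


class Rejected(Exception):
    """Raised when a request fails any check; the whole request is refused."""


def handle_request(caller, target_user, changes, directory, audit):
    """Validate one update request and apply it only if every field is allowed."""
    try:
        if caller not in AUTHORIZED_CALLERS:
            raise Rejected("caller not authorized")
        if target_user not in directory:
            raise Rejected("unknown user")
        denied = sorted(set(changes) - ALLOWED)
        if denied:
            raise Rejected("attributes not permitted: " + ", ".join(denied))
        for attr, value in changes.items():
            if not isinstance(value, str) or not SAFE_VALUE.fullmatch(value):
                raise Rejected("bad value for " + attr)
    except Rejected as exc:
        audit.append((caller, target_user, "DENY", str(exc)))
        return False
    directory[target_user].update(changes)  # real service: privileged directory write
    audit.append((caller, target_user, "ALLOW", ",".join(sorted(changes))))
    return True


# Constructed sample data: an in-memory dict stands in for the directory.
directory = {"jdoe": {"displayName": "Jane Doe", "memberOf": "Staff"}}
audit = []
handle_request("CORP\\hrmgr", "jdoe",
               {"telephoneNumber": "555-0100", "title": "Analyst"}, directory, audit)
# One disallowed attribute causes the whole request to be refused, mobile included.
handle_request("CORP\\hrmgr", "jdoe",
               {"mobile": "555-0101", "memberOf": "Payroll Admins"}, directory, audit)
```

The second request is denied as a unit and logged, so a mixed request cannot slip a permitted change through alongside a forbidden one without leaving an audit record.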
 
LVL 5

Expert Comment

by:cempasha
ID: 7858897
Dear questioner/expert(s)

No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:

- PAQ'd and pts removed

Please leave any comments here within the next seven days.

==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==

PaSHa

Cleanup volunteer
0
 
LVL 32

Expert Comment

by:jhance
ID: 7863475
I disagree.  My comment is a valid solution here and should be FORCE ACCEPTED.
0
 

Expert Comment

by:SpideyMod
ID: 7924289
Answered by jhance

SpideyMod
Community Support Moderator @Experts Exchange
0
