Active Directory user object delegation - Write permissions for certain fields

Posted on 2007-08-02
Last Modified: 2008-05-30
I am trying to delegate write permissions to certain fields in user objects in the user OU. I am able to delegate rights to certain fields without any problems, but I have not yet been able to find the proper field names to delegate for other fields. More directly, I would like to give a global group write access to the email field {General tab/Email Field} and I would also like to grant write access to the office field {General tab/Office Field}. I have been able to grant write access to a few other fields that I wanted {by delegation wizard or by manually adding rights under advanced options}. In the end I just need to figure out what the field names are called in the delegate wizard menu {same names are used in advanced options}. Any help would be appreciated. Thanks.
Question by:fertigj

    Accepted Solution

    Below are the field names as they appear in ADSIEdit.msc from the Windows 2003 support tools which, as an aside, is one of the best tools for learning as well as troubleshooting....

    email = mail (for Primary SMTP, which is the General Tab, Email Field)
    email = ProxyAddresses (for other SMTP aliases)
    office = physicalDeliveryOfficeName (General Tab, Office Field)

    However, even though these are the field names you need, I do not see these fields in the delegate wizard, so it may not be possible to delegate permission to these fields through the Wizard.

    This article from may be helpful to you in further delegating permissions: - under the heading "How to Assign Permissions"  (about 1/3 down the page) it notes:

    "Click the Properties tab and scroll through the list to find the properties. You'll find an entry corresponding to StreetAddress easily enough, but you'll look in vain for the PhysicalDeliveryOfficeName"

    Following below that are instructions for how to find and set things so you will ultimately be able to see that field in ADUC.
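
The delegation discussed in the answer above can also be set outside the wizard. This added example (not part of the original answer) grants a group write access to only the `mail` and `physicalDeliveryOfficeName` attributes of user objects under one OU, then lists every ACE the group holds there so anything broader than intended stands out. The OU path and group name are assumed placeholders, and the script assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example. $ou and $group are hypothetical placeholders; replace with your own.
Import-Module ActiveDirectory
$ou    = 'OU=Staff,DC=example,DC=com'
$group = 'EXAMPLE\Attr-Editors'
$attrs = 'mail', 'physicalDeliveryOfficeName'

# Look up each schemaIDGUID by lDAPDisplayName instead of hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$guidOf = @{}
foreach ($name in $attrs + 'user') {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    if (-not $obj) { throw "No schema object named '$name'" }
    $guidOf[$name] = [guid]$obj.schemaIDGUID
}

$sid = (New-Object System.Security.Principal.NTAccount($group)).Translate(
    [System.Security.Principal.SecurityIdentifier])
$acl = Get-Acl -Path "AD:\$ou"
foreach ($name in $attrs) {
    # Allow WriteProperty on one attribute, inherited only by descendant user objects.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $guidOf[$name],
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $guidOf['user'])
    $acl.AddAccessRule($rule)
}
Set-Acl -Path "AD:\$ou" -AclObject $acl

# Audit: show every ACE the group holds on the OU and flag any that is not
# a plain WriteProperty on one of the two intended attributes.
$expected = $attrs | ForEach-Object { $guidOf[$_] }
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $group } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, IsInherited,
        @{ n = 'AsIntended'; e = {
            $_.ActiveDirectoryRights -eq 'WriteProperty' -and $expected -contains $_.ObjectType } }
```

Any row with `AsIntended` set to False is a right the group holds beyond the two attributes and is worth reviewing before the delegation is considered done.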


    Author Comment

    That is exactly what I was looking for.  Thank you :)  
