AD - Delegate authority to edit Organization Tab

Is there a way to delegate a group to edit just the Organization tab in AD to enter reporting manager, etc?  We have an applicaiton that will use this data and we'd like to give someone in HR the ability to edit just this info.
gunscheeAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
George SasConnect With a Mentor IT EngineerCommented:
Select the OU you want to delegate the task on.
Right Click and say :All Tasks > Delegate Control
Add the delegated users.
Then on the next step select "Create a custom task to delegate"
Next
Select of only that folder or all the folders within.
Next
Select Property Specific.
Find the property you want them to have access to and then next and finish.
0
 
KCTSCommented:
In theory you could but I don't know its something I would attempt without testing it on a virtual machine as it involves manually changing the Access Control List (ACL) on the AD properties - there is a guide at http://redmondmag.com/columns/article.asp?EditorialsID=617
0
 
George SasIT EngineerCommented:
Dunno.... for such a small task I would not set up a test environment just for that.
It's a simple delegation of giving access to change one specific object property ..
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
KCTSCommented:
To be honest I never even though to doing it your way - I conceed to you - its much better than my suggestion to hack the AD ACLs :-)
0
 
gunscheeAuthor Commented:
What actual properties would I select? I built a test OU and put myself in there, and chose read managed by and write managed by.  From the AD snap in on my user desktop I can see most everything in AD, and cannot change the management entry.
0
 
George SasIT EngineerCommented:
Try to refresh the Group Policy on the machine.
0
 
gunscheeAuthor Commented:
Tried the refresh and still no go.  Strange!
0
 
gunscheeAuthor Commented:
Anyone else?  This still isn't working here.
0
 
George SasConnect With a Mentor IT EngineerCommented:
Do you have the rigt to read all user's properties ?
You will need :
Read
Read all properties
Read Managed By
Write Managed by
0
 
gunscheeAuthor Commented:
"Do you have the rigt to read all user's properties ?
You will need :
Read
Read all properties
Read Managed By
Write Managed by"

Just did all of that, forced the policy, and still can't edit the managed by box.  Could something else be overriding it?
0
 
George SasIT EngineerCommented:
Maybe you have another GPO that ovverides it or blocks that.
Try to add your user under the security of one user , grand READ all and write all the fields in the Organisation tab.
Should work unless you have somewhere something denying this.
0
All Courses

From novice to tech pro — start learning today.