need to give permision to a user who could change user infomations in the AD, such as phone number,department, etc

Posted on 2008-11-04
Medium Priority
Last Modified: 2012-05-05
Hi Experts,
I need to find way to delegate control to a non technical user to control the AD user account information , for an example phone number,department. what is my option and how to do this ?
Question by:Thushya
  • 3
  • 2
LVL 12

Expert Comment

ID: 22882484

You need to use the Deligation of Control Wizard. Right-Click the OU that you wish to delegate control of and select Delegate Control. Follow the wizard to add the group or user  and specify what you want them to be able to do.


That site my help you

Author Comment

ID: 22882534
Hello jjmartineziii,
thanks for the quick update, i am bit worried about this, we used to do this but now time to delegate control to that particular user.i can create the custom task for delegation , but do not want end up more than what the permission enough to do the task, i am not sure what will the enough and less risky for me.

the task is to change account information specially in department and phone number attribute in the user accounts, any specific task you can name it?

thanks again.
LVL 12

Accepted Solution

jjmartineziii earned 2000 total points
ID: 22882726
Delegation of control is the only way to do it. I recommend you create a custom task. Then on the permissions tab, select property-specific. Select the write read/write permissions on the ones you wish to give.

For example, if you wish to give  the ability to edit the street address, give them "Read street" and "Write st"

Author Comment

ID: 22884910
this is what exactly i am looking for - thank you :)

Author Closing Comment

ID: 31513378
thank you.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question