need to give permision to a user who could change user infomations in the AD, such as phone number,department, etc

Posted on 2008-11-04
Last Modified: 2012-05-05
Hi Experts,
I need to find way to delegate control to a non technical user to control the AD user account information , for an example phone number,department. what is my option and how to do this ?
Question by:Thushya
    LVL 12

    Expert Comment


    You need to use the Deligation of Control Wizard. Right-Click the OU that you wish to delegate control of and select Delegate Control. Follow the wizard to add the group or user  and specify what you want them to be able to do.

    That site my help you

    Author Comment

    Hello jjmartineziii,
    thanks for the quick update, i am bit worried about this, we used to do this but now time to delegate control to that particular user.i can create the custom task for delegation , but do not want end up more than what the permission enough to do the task, i am not sure what will the enough and less risky for me.

    the task is to change account information specially in department and phone number attribute in the user accounts, any specific task you can name it?

    thanks again.
    LVL 12

    Accepted Solution

    Delegation of control is the only way to do it. I recommend you create a custom task. Then on the permissions tab, select property-specific. Select the write read/write permissions on the ones you wish to give.

    For example, if you wish to give  the ability to edit the street address, give them "Read street" and "Write st"

    Author Comment

    this is what exactly i am looking for - thank you :)

    Author Closing Comment

    thank you.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
    When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now