Permissions to be able to add/delete contacts in Distribution Groups

I am trying to delegate the task of adding contacts in Active Directory in the "Distribution Groups" OU. What permissions do I need to grant a user for him to be able to do this? I have tried delegating control to him over the desired Contacts folder and above and giving him read/write over the Global Address List in Exchange System Manager. What's the trick here? The symptoms are that he simply doesn't see the option to add a contact when he right-clicks in AD and selects "new". He also can't rename contacts or edit them.

Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jian An LimSolutions ArchitectCommented:
you need to grand the right modify the membership of a group
(right click the OU, and delegate control)
FoggierAuthor Commented:
Tried that. Any other ideas?
Jian An LimSolutions ArchitectCommented:
goto the specific disitribution group
goto managed by, and change to the user. and select "manager can update membership list"
* I believe that "the task of adding contacts in Active Directory in the "Distribution Groups" OU"; by this you mean  that you have a proper Organizational Unit (OU) in Active Directory Users and Computers (ADUC) console.

* So going with that assumption, if you want the user to be able to create any "Contact" object in that particular OU, then you could use the "Delegation of Control Wizard" in ADUC.

* Right click that "Distribution Groups" OU and then say Delegate Control.

* Follow the wizard, select the user whom you wish to grant the control, and then in Task to Delegate select the "Create a custom task to delegate" option.

* In the next page select "Only the following objects in the folder" and then from the below options select "Contact Objects"

* Then select "Create selected objects in this folder" and "Delete selected objects in this folder"  as per your requirement whether you want to grant permission to crerate or delete the contacts.

* Then in the Permissions page select what all rights you want to grant on that object, that is of the Contact object what all properties you would like that user to write or read and grant the permissions accordingly (properties as such as fiing the Description or any other attribute of the contact)

* Finally say finish and you have the delegate ready

Good Luck (^_^)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.