Solved

Deligate user to update their self information on AD such as phone number.

Posted on 2009-04-02
7
144 Views
Last Modified: 2012-05-06
I'd like let user to update their particular self user account information such as Phone informaton or Department Information. It seems that it is not allowed by default in AD. I know deligation wizard might help but I'm not sure if it can restrict the access to "self". I don't want user to change another peoples information. Also want to be flexible to permit/restrict updateable field.
0
Comment
Question by:kimakabane
  • 5
  • 2
7 Comments
 
LVL 7

Expert Comment

by:maze-uk
ID: 24049383
Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?familyid=631747a3-79e1-48fa-9730-dae7c0a1d6d3&displaylang=en

In the appendice of this document, you'll find the exact rights necessary. I suppose the right should be given to 'SELF'
0
 

Author Comment

by:kimakabane
ID: 24050329
Thanks, but I hope to know step by step procedure with some example.
0
 
LVL 7

Expert Comment

by:maze-uk
ID: 24050871
on the GPO containing the users, right click on it, and select properties.
Go into security, advanced
Click Add...
type SELF, and click OK
(optional: if users name or account contain 'self', they will show here, so select the one with 'SELF' as RDN, and click OK)
in PERMISSIONS ENTRY FOR USERS: on the Properties Tab,
in Apply onto, select User Objects,
then select the permission/proipery you want to apply.
Once finished, click OK as menay times as necessary to close the windows...
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 7

Expert Comment

by:maze-uk
ID: 24050896
exemple of permissions you'll find:
'Write General Information', will allow the user to edit his email and phone number...
0
 
LVL 7

Expert Comment

by:maze-uk
ID: 24050910
though I can see there is a specific one for mail and phone too: 'Write Phone and Mail Option'...
0
 
LVL 7

Accepted Solution

by:
maze-uk earned 250 total points
ID: 24050938
I attach a screenshot:
advancedsecurity.jpg
0
 

Author Comment

by:kimakabane
ID: 24051112
Thanks! Very helpful.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question