We want to delegate administration of our staff OU to a receptionist so they can update user details (mostly phone number) , reset passwords, etc. (server 2003 R2)
I have installed adminpak on the receptionist PC and delegated administrative rights on the OU as described here: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
We find that the receptionist can ammend the phone numbers of most users in the OU, but some users appear to be read only and she cannot change their properties. All users are in the same OU, it is hard to see what is different between the users she can change, and the ones she can't.
Any help appreciated.