Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.
Give HR Employees Access to Edit Active Directory Info
What is the best method to give our HR employees access to edit some minor Active Directory information in our AD 2003 Environment? We would primarily like them to edit the Organization tab to update our organizational structures.
Also - once access is granted, what is the best tools/utilities to load on their computers so that they may edit AD info?
Thank you -
Also - once access is granted, what is the best tools/utilities to load on their computers so that they may edit AD info?
Thank you -
Asked:
2 Solutions
I would also agree with v-2nas that delegation of permissions is the way to go.
Give this a quick read through for the basics. If you have any specific questions post back.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
As far as what tool to manage the users the HR employees will be using the acitve directory users and computers snap in to modify the accounts. However depending on how you have your OU structure configured you may be able to go even one step further and create a custom MMC for them.
This custom MMC can be useful if all of your user accounts are in the same OU. You can set this MMC to only open to that location and they will not be able to even browse the other OUs.
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
A little more info on the custom MMC
Give this a quick read through for the basics. If you have any specific questions post back.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
As far as what tool to manage the users the HR employees will be using the acitve directory users and computers snap in to modify the accounts. However depending on how you have your OU structure configured you may be able to go even one step further and create a custom MMC for them.
This custom MMC can be useful if all of your user accounts are in the same OU. You can set this MMC to only open to that location and they will not be able to even browse the other OUs.
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
A little more info on the custom MMC
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
You can create a security group and then use "Delegate Control" to give required level of control to modify and update Organization Tab Attribute.
Users can use Adminpack, or just the directory services users and computers snapin to update the changes.