On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.
Course Of The Month
1 day, 14 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Give HR Employees Access to Edit Active Directory Info
Posted on 2011-02-25
What is the best method to give our HR employees access to edit some minor Active Directory information in our AD 2003 Environment? We would primarily like them to edit the Organization tab to update our organizational structures.
Also - once access is granted, what is the best tools/utilities to load on their computers so that they may edit AD info?
Thank you -
Also - once access is granted, what is the best tools/utilities to load on their computers so that they may edit AD info?
Thank you -
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Active 6 days ago
Hi,
You can create a security group and then use "Delegate Control" to give required level of control to modify and update Organization Tab Attribute.
Users can use Adminpack, or just the directory services users and computers snapin to update the changes.
You can create a security group and then use "Delegate Control" to give required level of control to modify and update Organization Tab Attribute.
Users can use Adminpack, or just the directory services users and computers snapin to update the changes.
Active today
I would also agree with v-2nas that delegation of permissions is the way to go.
Give this a quick read through for the basics. If you have any specific questions post back.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
As far as what tool to manage the users the HR employees will be using the acitve directory users and computers snap in to modify the accounts. However depending on how you have your OU structure configured you may be able to go even one step further and create a custom MMC for them.
This custom MMC can be useful if all of your user accounts are in the same OU. You can set this MMC to only open to that location and they will not be able to even browse the other OUs.
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
A little more info on the custom MMC
Give this a quick read through for the basics. If you have any specific questions post back.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
As far as what tool to manage the users the HR employees will be using the acitve directory users and computers snap in to modify the accounts. However depending on how you have your OU structure configured you may be able to go even one step further and create a custom MMC for them.
This custom MMC can be useful if all of your user accounts are in the same OU. You can set this MMC to only open to that location and they will not be able to even browse the other OUs.
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
A little more info on the custom MMC
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month1 day, 14 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
717 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.