Our HR department is requesting access to edit users in active directory. I have no issue with this, but I want to restrict them to certain fields. They should only be able to edit the address, telephone and organization tabs. It would also be nice if they could edit a few fields on the general tab.
I know how to delegate permissions to users/groups in AD. I just can't figure out how to restrict access to what I just explained. Is this possible?