• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 418
  • Last Modified:

Allow limited edits to active directory

Our HR department is requesting access to edit users in active directory.  I have no issue with this, but I want to restrict them to certain fields.  They should only be able to edit the address, telephone and organization tabs.  It would also be nice if they could edit a few fields on the general tab.

I know how to delegate permissions to users/groups in AD.  I just can't figure out how to restrict access to what I just explained.  Is this possible?
0
PC2009
Asked:
PC2009
1 Solution
 
Mike KlineCommented:
You have to give them rights to just those attributes.  They would also still have to use ADUC to edit.  

Do they already have an HR database?

I'd think about a third party (or build your own) front end, something like directory manager

http://www.ithicos.com/

Thanks

Mike
0
 
PC2009Author Commented:
Yea, I think you're right.  A 3rd party would be much easier for non-IT people to navigate.  I will take a look at ithicos and a few others.  Thanks for the input!
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now