Allow limited edits to active directory

Our HR department is requesting access to edit users in active directory.  I have no issue with this, but I want to restrict them to certain fields.  They should only be able to edit the address, telephone and organization tabs.  It would also be nice if they could edit a few fields on the general tab.

I know how to delegate permissions to users/groups in AD.  I just can't figure out how to restrict access to what I just explained.  Is this possible?
PC2009Asked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
You have to give them rights to just those attributes.  They would also still have to use ADUC to edit.  

Do they already have an HR database?

I'd think about a third party (or build your own) front end, something like directory manager

http://www.ithicos.com/

Thanks

Mike
0
 
PC2009Author Commented:
Yea, I think you're right.  A 3rd party would be much easier for non-IT people to navigate.  I will take a look at ithicos and a few others.  Thanks for the input!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.