Solved

Allow limited edits to active directory

Posted on 2012-03-22
2
404 Views
Last Modified: 2012-03-22
Our HR department is requesting access to edit users in active directory.  I have no issue with this, but I want to restrict them to certain fields.  They should only be able to edit the address, telephone and organization tabs.  It would also be nice if they could edit a few fields on the general tab.

I know how to delegate permissions to users/groups in AD.  I just can't figure out how to restrict access to what I just explained.  Is this possible?
0
Comment
Question by:PC2009
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37754667
You have to give them rights to just those attributes.  They would also still have to use ADUC to edit.  

Do they already have an HR database?

I'd think about a third party (or build your own) front end, something like directory manager

http://www.ithicos.com/

Thanks

Mike
0
 

Author Comment

by:PC2009
ID: 37754728
Yea, I think you're right.  A 3rd party would be much easier for non-IT people to navigate.  I will take a look at ithicos and a few others.  Thanks for the input!
0

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now