Solved

Issues with giving a security groups certain permissions to modify accont fields

Posted on 2013-05-29
4
220 Views
Last Modified: 2013-05-30
Hi Experts,

At my organization, I am trying to allow my HR team to be able to modify certain user account fields within ADUC. The fields are:

First Name
Last Name
Display Name
Description
Office
Job Title
Department
Company
Manager (Being able to choose and assign managers to the user account in ADUC)

Can anyone list each specefic permission required to allow a security group to modify the fields listed above? We will apply the perms using the delegation wizard on the OU which will hold all the user accounts we want HR to modify.
0
Comment
Question by:kj_syence
  • 2
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39205762
Using the delegation control wizard you can "create a custom task to delegate"

Then only the following objects in the folder you can choose "user objects"

You can then show the General and Property-specific permissions and give them Read and Write to the attributes you want.

Thanks


Mike
0
 
LVL 1

Author Comment

by:kj_syence
ID: 39206078
Hmmm... makes sense, but I do not see one for "Last Name" for example. Does that mean I just need to use something like "read Name" and "write Name" in order to have Last Name included in delegation? Seems like the granularity for this is hit or miss.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39206147
Yeah just looked odd last name or sn is not there.  You might need to use name.

Thanks

Mike
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 39208611
Thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question