Issues with giving a security groups certain permissions to modify accont fields

Posted on 2013-05-29
Last Modified: 2013-05-30
Hi Experts,

At my organization, I am trying to allow my HR team to be able to modify certain user account fields within ADUC. The fields are:

First Name
Last Name
Display Name
Job Title
Manager (Being able to choose and assign managers to the user account in ADUC)

Can anyone list each specefic permission required to allow a security group to modify the fields listed above? We will apply the perms using the delegation wizard on the OU which will hold all the user accounts we want HR to modify.
Question by:kj_syence
  • 2
  • 2
LVL 57

Accepted Solution

Mike Kline earned 500 total points
ID: 39205762
Using the delegation control wizard you can "create a custom task to delegate"

Then only the following objects in the folder you can choose "user objects"

You can then show the General and Property-specific permissions and give them Read and Write to the attributes you want.



Author Comment

ID: 39206078
Hmmm... makes sense, but I do not see one for "Last Name" for example. Does that mean I just need to use something like "read Name" and "write Name" in order to have Last Name included in delegation? Seems like the granularity for this is hit or miss.
LVL 57

Expert Comment

by:Mike Kline
ID: 39206147
Yeah just looked odd last name or sn is not there.  You might need to use name.



Author Closing Comment

ID: 39208611

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD RMS - Exchange 2010 3 38
block folder inheritance 4 35
Unexpected Windows system folders on D drive 16 74
SYSVOL not replicating 10 52
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now