Solved

Issues with giving a security groups certain permissions to modify accont fields

Posted on 2013-05-29
4
222 Views
Last Modified: 2013-05-30
Hi Experts,

At my organization, I am trying to allow my HR team to be able to modify certain user account fields within ADUC. The fields are:

First Name
Last Name
Display Name
Description
Office
Job Title
Department
Company
Manager (Being able to choose and assign managers to the user account in ADUC)

Can anyone list each specefic permission required to allow a security group to modify the fields listed above? We will apply the perms using the delegation wizard on the OU which will hold all the user accounts we want HR to modify.
0
Comment
Question by:kj_syence
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39205762
Using the delegation control wizard you can "create a custom task to delegate"

Then only the following objects in the folder you can choose "user objects"

You can then show the General and Property-specific permissions and give them Read and Write to the attributes you want.

Thanks


Mike
0
 
LVL 1

Author Comment

by:kj_syence
ID: 39206078
Hmmm... makes sense, but I do not see one for "Last Name" for example. Does that mean I just need to use something like "read Name" and "write Name" in order to have Last Name included in delegation? Seems like the granularity for this is hit or miss.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39206147
Yeah just looked odd last name or sn is not there.  You might need to use name.

Thanks

Mike
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 39208611
Thanks.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question