Improve company productivity with a Business Account.Sign Up

x
?
Solved

Issues with giving a security groups certain permissions to modify accont fields

Posted on 2013-05-29
4
Medium Priority
?
232 Views
Last Modified: 2013-05-30
Hi Experts,

At my organization, I am trying to allow my HR team to be able to modify certain user account fields within ADUC. The fields are:

First Name
Last Name
Display Name
Description
Office
Job Title
Department
Company
Manager (Being able to choose and assign managers to the user account in ADUC)

Can anyone list each specefic permission required to allow a security group to modify the fields listed above? We will apply the perms using the delegation wizard on the OU which will hold all the user accounts we want HR to modify.
0
Comment
Question by:kj_syence
  • 2
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39205762
Using the delegation control wizard you can "create a custom task to delegate"

Then only the following objects in the folder you can choose "user objects"

You can then show the General and Property-specific permissions and give them Read and Write to the attributes you want.

Thanks


Mike
0
 
LVL 1

Author Comment

by:kj_syence
ID: 39206078
Hmmm... makes sense, but I do not see one for "Last Name" for example. Does that mean I just need to use something like "read Name" and "write Name" in order to have Last Name included in delegation? Seems like the granularity for this is hit or miss.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39206147
Yeah just looked odd last name or sn is not there.  You might need to use name.

Thanks

Mike
0
 
LVL 1

Author Closing Comment

by:kj_syence
ID: 39208611
Thanks.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question