Solved

Issues with giving a security group certain permissions to modify account fields

Posted on 2013-05-29
Last Modified: 2013-05-30
Hi Experts,

At my organization, I am trying to allow my HR team to be able to modify certain user account fields within ADUC. The fields are:

First Name
Last Name
Display Name
Description
Office
Job Title
Department
Company
Manager (Being able to choose and assign managers to the user account in ADUC)

Can anyone list each specific permission required to allow a security group to modify the fields listed above? We will apply the perms using the delegation wizard on the OU which will hold all the user accounts we want HR to modify.
Question by:kj_syence
Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39205762
Using the delegation control wizard you can "create a custom task to delegate"

Then under "Only the following objects in the folder" you can choose "User objects".

You can then show the General and Property-specific permissions and give them Read and Write to the attributes you want.

Thanks


Mike

Author Comment

by:kj_syence
ID: 39206078
Hmmm... makes sense, but I do not see one for "Last Name" for example. Does that mean I just need to use something like "read Name" and "write Name" in order to have Last Name included in delegation? Seems like the granularity for this is hit or miss.

Expert Comment

by:Mike Kline
ID: 39206147
Yeah, just looked. Odd, last name or sn is not there. You might need to use name.

Thanks

Mike

Author Closing Comment

by:kj_syence
ID: 39208611
Thanks.
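
The delegation discussed in this thread can also be expressed per attribute with `dsacls`, which does not depend on which properties the wizard lists. The following is an added example, not part of the original thread; the OU distinguished name and the group name are placeholders, and the map pairs each ADUC field from the question with the LDAP attribute that stores it.

```powershell
# Added example. $TargetOU and $HrGroup are placeholders, not values from the thread.
$TargetOU = 'OU=Staff,DC=example,DC=com'     # OU holding the accounts HR may edit
$HrGroup  = 'EXAMPLE\HR-AccountEditors'      # security group receiving the delegation
$Apply    = $false                           # set to $true to write the ACEs

# ADUC field label -> LDAP attribute (lDAPDisplayName) behind it
$FieldMap = [ordered]@{
    'First Name'   = 'givenName'
    'Last Name'    = 'sn'
    'Display Name' = 'displayName'
    'Description'  = 'description'
    'Office'       = 'physicalDeliveryOfficeName'
    'Job Title'    = 'title'
    'Department'   = 'department'
    'Company'      = 'company'
    'Manager'      = 'manager'
}

function Get-DelegationAce {
    # Builds one dsacls grant string per attribute: Read/Write Property (RPWP),
    # limited to that attribute, inherited only by user objects.
    param([string]$Group, [System.Collections.IDictionary]$Map)
    foreach ($field in $Map.Keys) {
        [pscustomobject]@{
            Field     = $field
            Attribute = $Map[$field]
            Ace       = "${Group}:RPWP;$($Map[$field]);user"
        }
    }
}

$aces = Get-DelegationAce -Group $HrGroup -Map $FieldMap
$aces | Format-Table Field, Attribute, Ace -AutoSize   # review before applying

if ($Apply) {
    foreach ($a in $aces) {
        # /I:S = apply to sub-objects only, so the OU object itself is not affected
        & dsacls.exe $TargetOU /I:S /G $a.Ace | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Grant failed for $($a.Attribute)" }
    }
    # List the resulting ACEs for the group so the delegation can be audited
    & dsacls.exe $TargetOU | Select-String -SimpleMatch $HrGroup
}
```

These grants cover only the nine listed attributes; the object's own name (cn), which ADUC shows in the list view, is a separate attribute and is not changed by editing First Name or Last Name.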