We would like to create a security group for a set of users to have restricted user administration privileges.
Right now we have it so that (pretty much like default) Win 7 users can go to 'Network Locations' from 'My Computer' and click the 'Search Active Directory' tab. From there they can find their account and modify only their first 2 tabs of information.
We would like to make a security group where members of that group can search for any user and modify those first two tabs of information (and one of the 3rd). This would allow us to bypass installing RSAT / ADUC for each of the members of that security group.
I have not been able to find an accurate listing of which permissions would allow this as we want to only allow the minimum amount of extra changes.
Here is a specific list of the fields we want the users to be able to modify:
General Tab - First Name, Last Name, Display Name, Telephone, Email, Home Page
Address Tab - Street, PO Box, City, Zip/Postal Code, Country/region
Business Tab - Office
Any help would be greatly appreciated! As this is for a number of users I want to make sure we implement only the proper permissions and don't end up with issues down the line.