• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

Deligating AD permission

I have a requirement of updating AD user fields like email, phone dept etc. So, I want to assign this task to HR dept. I can install ADmanager in one client machine and provide access to them. But I want then to only modify user settings. They should not delete the users and reset password of any user. How I can do this.

windows 2008 - AD

1 Solution
SandeshdubeySenior Server EngineerCommented:
VirastaRUC Tech Consultant Commented:

Hope this Step by Step screenshot will help you follow along..

Delegation Control to Modify Only Certain User Attributes

The best part is it exactly matches your scenario

Hope that helps :)
The above given links are perfect and moreover,

You can use delegation wizard or taskpad or below third party tool.

How to Delegate Basic Server Administration To Junior Administrators.  http://support.microsoft.com/kb/555986

Best Practices for Delegating Active Directory Administration  http://technet.microsoft.com/en-us/library/cc773318%28v=ws.10%29.aspx


kolathaya123Author Commented:
Hi Virastar,

It helped me alot.. But I provided some permission, in that I want to remove some.. from where I can remove the given permission or edit the deligation

VirastaRUC Tech Consultant Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now