Solved

Give Assistant Access To Update User Information In Active Directory

Posted on 2014-01-13
2
494 Views
Last Modified: 2014-01-14
Our company recently moved and we have multiple employees now spread across 'everywhere'. I want to give one of our administrative assistants access to AD to only be able to update user's addresses, phone numbers and department/company, etc. This is a user that should not have access to any other kind of functions in AD... I also would prefer that this person not actually log on to the server itself, if at all possible.

Is there any kind of third party tool that can connect to AD to do this?

Since it is data entry intensive, I want to dish this job out to an admin, asst.

Thanks EE community!
0
Comment
Question by:Paul Wagner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778566
Hi,

You could delegate permissions to Administrative Assistants over an Organizational Unit. During delegation configuration, you can specify granular permissions like only updating basic attributes which should be assigned to users. After this is done, you could install Remote Server Administration Tools (RSAT) on AA's computers and instruct them to use consoles,  Active Directory Users & Computers or Active Directory Administrative Center to update user information.

Please refer following article for more information.

http://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39779554
Oh wow. You are a beast. That totally worked. I added permissions in the delegation for phone numbers, addresses, etc. but it definitely worked great. Thanks.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question