Solved

Give Assistant Access To Update User Information In Active Directory

Posted on 2014-01-13
2
496 Views
Last Modified: 2014-01-14
Our company recently moved and we have multiple employees now spread across 'everywhere'. I want to give one of our administrative assistants access to AD to only be able to update user's addresses, phone numbers and department/company, etc. This is a user that should not have access to any other kind of functions in AD... I also would prefer that this person not actually log on to the server itself, if at all possible.

Is there any kind of third party tool that can connect to AD to do this?

Since it is data entry intensive, I want to dish this job out to an admin, asst.

Thanks EE community!
0
Comment
Question by:Paul Wagner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778566
Hi,

You could delegate permissions to Administrative Assistants over an Organizational Unit. During delegation configuration, you can specify granular permissions like only updating basic attributes which should be assigned to users. After this is done, you could install Remote Server Administration Tools (RSAT) on AA's computers and instruct them to use consoles,  Active Directory Users & Computers or Active Directory Administrative Center to update user information.

Please refer following article for more information.

http://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39779554
Oh wow. You are a beast. That totally worked. I added permissions in the delegation for phone numbers, addresses, etc. but it definitely worked great. Thanks.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question