Give Assistant Access To Update User Information In Active Directory

Our company recently moved and we have multiple employees now spread across 'everywhere'. I want to give one of our administrative assistants access to AD to only be able to update user's addresses, phone numbers and department/company, etc. This is a user that should not have access to any other kind of functions in AD... I also would prefer that this person not actually log on to the server itself, if at all possible.

Is there any kind of third party tool that can connect to AD to do this?

Since it is data entry intensive, I want to dish this job out to an admin, asst.

Thanks EE community!
LVL 5
Paul WagnerFriend To Robots and RocksAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
SreRajConnect With a Mentor Commented:
Hi,

You could delegate permissions to Administrative Assistants over an Organizational Unit. During delegation configuration, you can specify granular permissions like only updating basic attributes which should be assigned to users. After this is done, you could install Remote Server Administration Tools (RSAT) on AA's computers and instruct them to use consoles,  Active Directory Users & Computers or Active Directory Administrative Center to update user information.

Please refer following article for more information.

http://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/
0
 
Paul WagnerFriend To Robots and RocksAuthor Commented:
Oh wow. You are a beast. That totally worked. I added permissions in the delegation for phone numbers, addresses, etc. but it definitely worked great. Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.