Solved

Give Assistant Access To Update User Information In Active Directory

Posted on 2014-01-13
2
485 Views
Last Modified: 2014-01-14
Our company recently moved and we have multiple employees now spread across 'everywhere'. I want to give one of our administrative assistants access to AD to only be able to update user's addresses, phone numbers and department/company, etc. This is a user that should not have access to any other kind of functions in AD... I also would prefer that this person not actually log on to the server itself, if at all possible.

Is there any kind of third party tool that can connect to AD to do this?

Since it is data entry intensive, I want to dish this job out to an admin, asst.

Thanks EE community!
0
Comment
Question by:Paul Wagner
2 Comments
 
LVL 12

Accepted Solution

by:
SreRaj earned 500 total points
ID: 39778566
Hi,

You could delegate permissions to Administrative Assistants over an Organizational Unit. During delegation configuration, you can specify granular permissions like only updating basic attributes which should be assigned to users. After this is done, you could install Remote Server Administration Tools (RSAT) on AA's computers and instruct them to use consoles,  Active Directory Users & Computers or Active Directory Administrative Center to update user information.

Please refer following article for more information.

http://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/
0
 
LVL 3

Author Comment

by:Paul Wagner
ID: 39779554
Oh wow. You are a beast. That totally worked. I added permissions in the delegation for phone numbers, addresses, etc. but it definitely worked great. Thanks.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now