Hi guys, hope you are all well and can help.
We have a need to limit modification of the e-mail address property (LDAP mail attribute) for all users in Active Directory.
What we need to do is this:
1) Give a group, e.g. Email admins, full control of all users' email address.
2) Restrict access to all other people, e.g. limit them to having read only on this mail attribute.
I have tried dsacls with no luck, and in the delegation control wizard, I cannot find this property.
Any help greatly appreciated.
The OU where all the users are is as follows: