Link to home
Start Free TrialLog in
Avatar of Parity123
Parity123Flag for United States of America

asked on

Active Directory: Delegate access

Hello experts,

I want to delegate access (for a group) to an attribute called userprincipalname, but this attribute does not show in delegate wizard in ADUC. How would I delegate/grant access.

Your assistance is appreciated.
Avatar of Mahesh
Mahesh
Flag of India image

you need to select custom delegation task, then select "user objects" and then grant them "read and write logon information" on user objects
Avatar of Parity123

ASKER

I granted/delegated access to "write logon name" to a group. Is there a way to check if a particular group has the ability to write "userprincipalname".
yes

Add required user to that group
Then on which OU you have made delegation, on any user account in that OU try to change userprincipalname
I have granted access to the OU. The user is saying he still cannot. He logged off and logged on waited for replication, I want to see if I can generate some report confirming that this group has access to modify this attribute.
force ad replication
then check effective permission of that ou where u assigned permissions
ASKER CERTIFIED SOLUTION
Avatar of Shaun Vermaak
Shaun Vermaak
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Shaun Vermaak (https:#a42435707)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

exchangepro
Experts-Exchange Cleanup Volunteer