Active Directory: delegation of permission

Hello,

I need to grant an account in Active Directory domain to update userprincipalname. What permissions I need to delegate. I don’t see the attribute userprincipalname in delegation wizard.

When I am in the security tab for the OU, in advanced view, not sure which permissions I need to pick.

Looking forward to your assistance.
Parity123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
On DC server, Delegated control use file named Delegwiz.inf under C:\windows\inf or system32 folder
rename this file to old and copy new file here and it should give you option to delegate control for UPN
below link will give you new file contents
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772784(v=ws.10)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
Right click the OU and go to properties - security -advanced. Add the permission. Simple, just like with folders - have it apply to objects as well through inheritance. Can be done to the domain head as well.

If you don't see "security", you will need to change the view settings of aduc.msc to show advanced settings, first. No wizard needed.
0
Parity123Author Commented:
What permissions to select was my question
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

MaheshArchitectCommented:
easy way is to use delegation file, it will directly provide you option which u looking for
file is provided by ms only and works perfectly

advanced permissions you need to dig down to user/user logon name and check if that works
0
McKnifeCommented:
If the granular permissions in the section I pointed to don't show it, then go with Mahesh's suggestion, for which I found confirmation in https://social.technet.microsoft.com/Forums/windows/en-US/8af2297c-e39f-4e38-a4d7-1e8df1b44cde/delegate-the-right-to-modify-upn?forum=winserverDS
0
Parity123Author Commented:
Thanks
0
McKnifeCommented:
Good that Mahesh could help. Next time, please consider to give most/all points to the  expert that actually helped you :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.