I am stumped again, so I come to my friends here to help (surprise, surprise). In our organization, we are Server 2003 AD (2003 functional) and we have a user we want to allow to edit the Telephone and pager fields of the users in the domain. I cannot seem to find any option to do that using the Delegation of Control wizard or any other way. Does anyone know how I can allow this? Is it going to require a schema mod using ADSI edit?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
AD question (regarding delegation of control)
- Thread starter ITAAGuyOR
- Start date
No it will not require adsi edit. There are 3 ways. One way is thru delegation, the other is to do it thru manual permission setting, and the last is to do it thrus command-line with dsacls.
1) Delegation - Open delegation on the OU that you want to grant the permission. Right-click and choose "Delegation". Click Next. Select your group or users that you want to grant the rights to. Click next. Click "Create Custom task" and next. Click "Only the Following Objects" and select User Objects. Click next. Only check the "Property Specific" box and go down and select the properties that they should be able to add, like Fax or Pager. Make sure you do read and write on those objects. Then just finish the wizard out. This should work.
2) Manual Right Assignment - Make sure you are viewing ADUC with advanced features. Right-click the OU. Click properties. Go to the security tab. Click Advanced button. You will clcik Add and create a new permissions. You will now go thru the steps to select a user to grant rights to, select "User Objects" to give rights to, and select the individual properties to allow read/write to.
1) Delegation - Open delegation on the OU that you want to grant the permission. Right-click and choose "Delegation". Click Next. Select your group or users that you want to grant the rights to. Click next. Click "Create Custom task" and next. Click "Only the Following Objects" and select User Objects. Click next. Only check the "Property Specific" box and go down and select the properties that they should be able to add, like Fax or Pager. Make sure you do read and write on those objects. Then just finish the wizard out. This should work.
2) Manual Right Assignment - Make sure you are viewing ADUC with advanced features. Right-click the OU. Click properties. Go to the security tab. Click Advanced button. You will clcik Add and create a new permissions. You will now go thru the steps to select a user to grant rights to, select "User Objects" to give rights to, and select the individual properties to allow read/write to.
- Thread starter
- #3
- Status
Similar threads
- Locked
- Question
- Locked
- Question