User modify his own active directory object

[mbowles]

Is there a way to set perms on the AD object of a user so he/she can modify there own telephone number, cell phone, etc..., but not any other attributes?

 

[tmt7734]

AH yes the easy days back when exchange 5.5 had the GALMOD32.exe. Unfortunately not so easy with AD.

There are some 3rd party options out there however that work with AD. Do a search for Account Central by add on products or imanami's webdir. they both have demo's I've tried and both work.

 

[buddafish]

maybe adsi scripting on a web page to allow users to adjust personal info...

 

[mbowles]

Yeah, I have some C# .NET stuff that allows query and editing, but my network team would rather lock fields vs. relying on me to only provide access to said attributes.

 

[buddafish]

if i might ask, how will the standard user access these attributes for modification? just curious? i write utility apps with adsi and now ldap to get at these without using the aduc interface.

scottie

 

[mbowles]

In C#, a DirectoryServices gives you access to ldap thingys. I have the O'Reilly Active Directory Cookbook with a lot of VBScript code for viewing, editing, maintaining users, groups, topology, security etc...and I find the C# ports for that VBScript code.

 

[buddafish]

i guess i was thinking about the comment about the net-admin wanting attributes locked out. standard users don't have access to their user properties without giving them a controlled interface... like a window with 2 textboxes and a cancel / save button... ... anyway... just interested...

cheers ...