Microsoft Management Console

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to create taskpad's for a group of specific users, I want them to
be able to search for user objects and only make changes to the Department,
Phone number and room number fields. I have tried to use delegation within
active directory but this is not granual enough for what I need. If I try to
use delegation, it either gives them nothing at all whereby they can only
view the records, or it goes the other way and they can modify group
membership's, change password's etc. Has anyone got any advice or know of
any documentation as I am looking into maybe using VB, Excel or even Access
to interigate AD using LDAP.
 
Mark said:
I am trying to create taskpad's for a group of specific users, I want them to
be able to search for user objects and only make changes to the Department,
Phone number and room number fields. I have tried to use delegation within
active directory but this is not granual enough for what I need. If I try to
use delegation, it either gives them nothing at all whereby they can only
view the records, or it goes the other way and they can modify group
membership's, change password's etc. Has anyone got any advice or know of
any documentation as I am looking into maybe using VB, Excel or even Access
to interigate AD using LDAP.
Click to expand...

Did you actually modify the security ACLs for the users/groups you added using
the delegation wizard? You can get pretty granular about which individual
attributes you want users to read or write to and whether it applies to user
objects or a whole host of other items. Are you sure you looked at all of the
possible functionality of editing the ACLs manually?
 
I have allowed the user to read/write telephone numbers, read/write room
numbers, read/write department etc, however, when I log on as the test user
all the "supposedly" modifiable areas are greyed out. I used the delegation
wizard to set the ACL, then viewed them from the security tab to make sure
all was O.k. The test user only belongs to one group, and I cannot see any
other GPO's being applied.
 
Back
Top