modifying permissions of an attribute of LDAP

Guest

Hello
I want one user of my domain to be able to modify a set of attributes of all
users of my domain. But only that. I don't want this user to be able to
add/delete users.

How can I do this?
Is it possible to do this with the tool AD Users and Computers, or do I have to
do it with scripts?

Thank you
 
You can delegate at the attribute level. You can do it through the security tab
or possibly through the delegation wizard.
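
The attribute-level delegation described in this reply, done by script instead of through the security tab or the wizard. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (which postdates this thread), and the OU, group and attribute names are hypothetical.

```powershell
# Added example (not from the thread). OU, group and attribute names are assumptions.
Import-Module ActiveDirectory

$TargetOU   = 'OU=Staff,DC=example,DC=com'   # hypothetical container holding the users
$Delegate   = 'EXAMPLE\Attr-Editors'         # hypothetical delegate (a group is easier to audit)
$Attributes = 'telephoneNumber', 'title', 'department'

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Resolve an attribute or class lDAPDisplayName to its schemaIDGUID.
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapName)" `
                        -Properties schemaIDGUID
    if (-not $obj) { throw "No schema object named '$LdapName'" }
    [System.Guid]$obj.schemaIDGUID
}

$userClass = Get-SchemaGuid 'user'
$sid = (New-Object System.Security.Principal.NTAccount($Delegate)).Translate(
           [System.Security.Principal.SecurityIdentifier])

$path = "AD:\$TargetOU"
$acl  = Get-Acl -Path $path

foreach ($attr in $Attributes) {
    # One ACE per attribute: Allow WriteProperty on that attribute only,
    # inherited by descendant objects of class 'user'.
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        (Get-SchemaGuid $attr),
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $userClass)
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $path -AclObject $acl

# Check: list what the delegate now holds on the OU and flag anything broader
# than attribute writes (create/delete child, delete, ACL or owner changes).
$tooBroad = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, Delete, DeleteTree, WriteDacl, WriteOwner'
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Delegate } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType,
        @{ n = 'Broad'; e = { [bool]($_.ActiveDirectoryRights -band $tooBroad) } }
```

No create-child or delete-child right is granted, so the delegate can edit the listed attributes on user objects under the OU but cannot add or delete users there.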
 
Hello,

Thanks for posting!

I also agree with Joe. You may delegate users/groups permission to the
corresponding object.

Some helpful information for your reference:
Step-by-Step Guide to Using the Delegation of Control Wizard
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx

Use this wizard to delegate administrative control
http://www.windowsitpro.com/Article/ArticleID/22555/22555.html?Ad=1

Delegation of Control Wizard
http://www.serverwatch.com/tutorials/article.php/10825_1472441_2

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

From: "JPolicelli"
Subject: Re: Delegating Control...
Date: Fri, 16 Sep 2005 16:26:11 -0700
Newsgroups: microsoft.public.win2000.active_directory

Have a read through Sanjay Tandan's Best Practices for Delegating Active
Directory Administration document published on Microsoft's site. The Best
Practices for Delegating Active Directory Administration: Appendices has a
lot of details that you may find helpful for this.

Best Practices for Delegating Active Directory Administration
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

--------------------
| Subject: modifing permisions of an attribute of LDAP
| Date: Thu, 27 Oct 2005 05:29:04 -0700
| Newsgroups: microsoft.public.win2000.active_directory
|
| Hello
| I want one user of my domain to be able to modify a set of attributes of all
| users of my domain. But only that. I don't want this user to be able to
| add/delete users.
|
| How can I do this?
| Is it possible to do this with the tool AD Users and Computers, or do I have to
| do it with scripts?
|
| Thank you
|
 
Hello,

I appreciate your update and response, and I am glad to hear that the
information helps. If you have any other questions or concerns, please do
not hesitate to contact us. It is always our pleasure to be of assistance.

Have a nice day!

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| Subject: RE: modifing permisions of an attribute of LDAP
| Date: Mon, 31 Oct 2005 01:46:08 -0800
| Newsgroups: microsoft.public.win2000.active_directory
|
| Ok. That works.
| Thank you
 