updating AD info without administrator?

  • Thread starter: mooneh

mooneh

Hi there!

We want a couple of people who are not IT to be able to update certain
user details within AD: phone number, location, etc. I know if you have
admin status that you can search for people by staff number and update
info from there, but I believe administrator status is needed.

We are upgrading to Outlook 2003 from 2000 very soon, at the same time
upgrading from Exchange 5.5 to 2003. We work in a Windows 2000
environment.

Thanks in advance!
 
Grab any basic book on Active Directory and look for the section on AD Delegation.

joe
 
You'd have to set the security permissions at the OU level. There are
many configurable options, including whether the permissions propagate
down to "children" folders/OUs.
You can set it so they can only change passwords or specific tabs. You'd
be best off creating a Test OU and playing with new GPs assigned to
that OU only. Play with the permission settings until you get it the
way you want.
Then implement into a production OU.
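
A sketch of the delegation the replies describe, added here as an example and not posted by anyone in the thread: it grants a non-admin group read/write on two user attributes, scoped to a test OU, with dsacls. The OU, domain and group names are hypothetical placeholders, and mapping "phone number" and "location" to telephoneNumber and physicalDeliveryOfficeName (the Office field) is an assumption.

```powershell
# Added example. All names below are hypothetical placeholders; substitute your own.
$ou    = 'OU=Delegation-Test,DC=example,DC=com'   # test OU first, as the reply advises
$group = 'EXAMPLE\Directory-Editors'              # group holding the non-IT editors

# Attributes the editors may change, by LDAP display name (assumed mapping):
#   telephoneNumber            -> Telephone number field
#   physicalDeliveryOfficeName -> Office field
$attributes = 'telephoneNumber', 'physicalDeliveryOfficeName'

foreach ($attr in $attributes) {
    # /I:S   apply the ACE to child objects only, not to the OU object itself
    # /G     grant
    # RPWP   read property + write property, limited to the named attribute
    # ;user  the ACE is inherited only by user objects under the OU
    dsacls.exe $ou /I:S /G "${group}:RPWP;$attr;user"
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed while delegating '$attr' on $ou"
    }
}

# Review the result: list the ACEs on the OU that name the delegated group.
# Anything broader than the two property-scoped entries above should be
# removed before the same commands are run against a production OU.
dsacls.exe $ou | Select-String -SimpleMatch $group
```

Members of the group need no administrative rights; they can edit only the listed attributes on user objects under that OU, and every other attribute stays read-only for them.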
 
Mooneh,

I think that this has already been answered...but, just in case: look into
Delegation.

Also, know that people can access some of their information and change it
themselves. I probably would not necessarily make that public knowledge,
though. Not suggesting 'security through obscurity'.

--
Cary W. Shultz
Roanoke, VA 24012

WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)
 