Announcement

Collapse
No announcement yet.

AD delegation

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD delegation

    Hi,

    I am trying to set a granular permission to a user in modifying User properties in AD.

    I managed to give the required permissions, except the last name. I am not able to modify the last name. I am unable to locate last name attribute.
    Could someone please assist me.

    Please find my setup for the other attributes in this post.

    Many Thanks,

    Kind Regards

    READ PROPERTY
    SPECIAL ACCESS for middleName
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for givenName
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for facsimileTelephoneNumber
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for personalTitle
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for title
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for description
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for department
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for telephoneNumber
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for cn
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for adminDescription
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for name
    WRITE PROPERTY
    READ PROPERTY
    SPECIAL ACCESS for postalAddress
    READ PROPERTY
    SPECIAL ACCESS for sAMAccountName
    READ PROPERTY
    SPECIAL ACCESS for userPrincipalName
    READ PROPERTY
    SPECIAL ACCESS for msExchHideFromAddressLists
    READ PROPERTY
    SPECIAL ACCESS for memberOf
    READ PROPERTY
    SPECIAL ACCESS for streetAddress
    READ PROPERTY
    SPECIAL ACCESS for displayName
    READ PROPERTY
    SPECIAL ACCESS for street
    READ PROPERTY
    SPECIAL ACCESS for adminDisplayName
    Reply With Quote

  • #2
    Re: AD delegation

    Hi All,

    I found it. We need to modify dssec.dat in systems32. Under USER we need to modify sn=7 to sn=0.

    Thanks all for your help.

    Comment


    • #3
      Re: AD delegation

      Thanks for the info! Out of curiosity I had a read through the permissions list and couldn't find surname,givenname or anything similar which surprised me.

      Where did you get the answer?
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment

      Working...
      X