No announcement yet.

Delegate User Attributes

  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegate User Attributes

    Hi All,

    I would like to Delegate a security group in AD to control 2 User Attributes for all the users in AD. By control I mean write/delete/change the Objects.

    The User Attributes are:
    Office Location (physicalDeliveryOfficeHome)
    Telephone Number (telephoneNumber)

    The first one is located in 'Contact Objects' in the Delegate Control Wizard and the second one in 'User Object'.

    In the wizard I choose 'Create a custom task to delegate' -> 'Only the following objects in the folder' -> select 'Contact objects' -> Show 'Property-specific' permissions and check 'Read Office Location', 'Write Office Location'. (same for the telephone number)

    New permissions are set and propagate fine in the domain as I can see them from ADUC on a 'client' machine.

    BUT when I login with a user that's part of the security group I can't modify the Office field in ADUC as I was expecting I could, what am I missing?!?

    Thank you everyone!

    PS -> DC are 2003 SP2