Active Directory Delegation User

    Question

  • Dear Friends,

    Kindly help me configure a delegated user on AD 2016.

    Please find below the properties this user wants to edit:

    I tried a lot; please help me step by step.

    Friday, March 3, 2017 8:14 AM

Answers

  • Hi,

     

    You can delegate those permissions to this user by using the following steps:

    1. In AD Users and Computers, right-click on the OU which contains all the users whose attributes you want another user to be able to modify. Choose "Delegate Control".
    2. Add the user that you would like to give the ability to. Next.
    3. Choose "Create a custom task to delegate". Next.
    4. Choose "Only the following objects in the folder" then "User objects" in the list. Next.
    5. Uncheck General. Only check Property-specific.
    6. Under the Permissions list, check the entries per your requirement, such as:

    Write Department
    Write Telephone Number
    Write Street Address

    So add all attributes you want that user to be able to edit. Click Next and Finish.

    -----------------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.


    • Edited by Nedim Mehic Friday, March 3, 2017 8:42 AM
    • Marked as answer by Ashru785 Tuesday, March 7, 2017 6:43 PM
    Friday, March 3, 2017 8:40 AM
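
The same delegation as the wizard steps above, scripted and then read back to confirm its scope. This is an added example, not part of the original answer. The OU DN, the account name `helpdesk1`, and the mapping of the three wizard entries to the `department`, `telephoneNumber` and `streetAddress` attributes are assumptions. It needs the ActiveDirectory PowerShell module and rights to modify the OU's ACL.

```powershell
Import-Module ActiveDirectory

# Assumed names (not from the thread): replace with your own OU and delegate.
$ouDn     = 'OU=Staff,DC=example,DC=com'
$delegate = 'helpdesk1'
# ldapDisplayNames assumed to correspond to "Write Department",
# "Write Telephone Number" and "Write Street Address" in the wizard.
$attributes = 'department', 'telephoneNumber', 'streetAddress'

$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    # Property-specific ACEs reference attributes and classes by schemaIDGUID.
    $obj = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$LdapName' not found" }
    [guid]$obj.schemaIDGUID
}

$sid       = (Get-ADUser -Identity $delegate).SID
$userClass = Get-SchemaGuid 'user'
$allowed   = @{}                      # attribute GUID -> name, for the check
$acl       = Get-Acl -Path "AD:\$ouDn"

foreach ($name in $attributes) {
    $guid = Get-SchemaGuid $name
    $allowed[$guid] = $name
    # Allow WriteProperty on one attribute, inherited by user objects only
    # (steps 4-6: "User objects", Property-specific, one "Write ..." entry).
    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $guid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $userClass)
    $acl.AddAccessRule($ace)
}
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Read the ACL back: list every explicit ACE the delegate holds on the OU.
# Anything that is not WriteProperty on one of the three attributes, scoped
# to user objects, shows InScope = False and should be reviewed.
$rules = (Get-Acl -Path "AD:\$ouDn").GetAccessRules(
    $true, $false, [System.Security.Principal.SecurityIdentifier])
$rules | Where-Object { $_.IdentityReference -eq $sid } | ForEach-Object {
    $ok = $_.ActiveDirectoryRights -eq 'WriteProperty' -and
          $allowed.ContainsKey($_.ObjectType) -and
          $_.InheritedObjectType -eq $userClass
    [pscustomobject]@{ Rights = $_.ActiveDirectoryRights
                       Attribute = $allowed[$_.ObjectType]; InScope = $ok }
}
```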
  • Hi,
    Agree with Nedim’s suggestion to delegate permission. Here is a step-by-step article to do that, please see: https://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-1/
    Alternatively, you could delegate user permission to modify the attributes corresponding to the properties which you want to edit. Here is an article to do that: https://dani3lr.wordpress.com/2009/07/25/delegation-control-to-modify-only-certain-user-attributes-part-2/
    And the following article lists the attribute names corresponding to properties in ADUC, which you could refer to when you delegate permission:
    http://www.kouti.com/tables/userattributes.htm
    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Wendy

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Ashru785 Tuesday, March 7, 2017 6:44 PM
    Monday, March 6, 2017 5:24 AM
    Moderator

All replies

  • Thank you for your reply. I tried these steps and I logged in with the delegated user, but that user has no permission to access Active Directory Users and Computers.

    Kindly advise me.

    Wednesday, March 8, 2017 4:13 PM
  • Hi,
    In order to modify user properties in ADUC, you need to delegate permission for users to log on to the DC and use ADUC.
    However, to keep AD secure, it is not suggested to delegate permission for logging in to the DC to too many users.
    Best regards,
    Wendy


    Thursday, March 9, 2017 2:11 AM
    Moderator