none
How to set Write Permission on the AD thumbnailPhoto property?

    Question

  • Hi,

    i need to set the write permission for the thumbnailPhoto property, but i dont know how. Could someone please explain this for me?

    A default user (without any membership in a special group) should be able to change this property for his account. Bu only for his account, not for the other user account in the AD! And the admin should be able to change it for all users

    How to achive this?

    best regards

    lacliqua

    Wednesday, November 24, 2010 6:09 PM

Answers

  • Grant Write permissions on the attribute to SELF and admin. You should be able to accomplish this using Delegation Control Wizard in ADUC (make sure to select Property-specific checkbox on Permissions page and check both "Read thumbnailPhoto" and "Write thumbnailPhoto")

    hth
    Marcin

    • Marked as answer by LaCliqua Wednesday, November 24, 2010 7:14 PM
    Wednesday, November 24, 2010 6:15 PM
  • Right click on the OU where user accounts reside and select Delegate Control. On Users and Groups page, add Self and admin. On task to delegate page, choose Create a custom task to delegate. On Active Directory Object Type, select User objects under Only the following objects in the folder. On the Permissions page, select Propery-specific and then enable both "Read thumbnailPhoto" and "Write thumbnailPhoto" checkboxes

    hth
    Marcin

    • Marked as answer by LaCliqua Wednesday, November 24, 2010 7:14 PM
    Wednesday, November 24, 2010 7:09 PM

All replies

  • Grant Write permissions on the attribute to SELF and admin. You should be able to accomplish this using Delegation Control Wizard in ADUC (make sure to select Property-specific checkbox on Permissions page and check both "Read thumbnailPhoto" and "Write thumbnailPhoto")

    hth
    Marcin

    • Marked as answer by LaCliqua Wednesday, November 24, 2010 7:14 PM
    Wednesday, November 24, 2010 6:15 PM
  • Could you explain the correct way to do this step by step?
    Wednesday, November 24, 2010 7:03 PM
  • Right click on the OU where user accounts reside and select Delegate Control. On Users and Groups page, add Self and admin. On task to delegate page, choose Create a custom task to delegate. On Active Directory Object Type, select User objects under Only the following objects in the folder. On the Permissions page, select Propery-specific and then enable both "Read thumbnailPhoto" and "Write thumbnailPhoto" checkboxes

    hth
    Marcin

    • Marked as answer by LaCliqua Wednesday, November 24, 2010 7:14 PM
    Wednesday, November 24, 2010 7:09 PM
  • Thank you very much!
    Wednesday, November 24, 2010 7:22 PM