It's been a while since I've checked on this but I believe the delegation wizard doesn't let you get this granular by default.
One way to do an end-run around the problem is to create an Excel spreadsheet, Access database, Oracle table, etc. with the user attibutes (you probably already have something like this anyway) and write a script that reads the information and updates the corresponding objects in AD. I have a Perl program that does precisely this, if you are interested. -----Original Message----- From: Shadow Roldan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 12:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] hello and a question Excellent. The delegation wizard definitely seems to be where I need to be. Is there any resource I can look at to help me identify what these objects actually are? I am currently unable to identify what I should be delegating control of? I have no idea what these objects actually represent. Such as the "Contact objects" or "address type objects" or the "msExchAdressListServiceContainer Objects. Maybe one of you fine people can tell me which objects I need to accomplish my goals :) Thanks! Shadow -----Original Message----- From: Fosselman, Susan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 9:03 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] hello and a question Shadow, Welcome Shadow. I am new to the list, too. You should be able to accomplish this with delegations. Right click an OU that has user objects that you want to have your admins maintain, and choose delegate control. The delegation wizard has some common tasks that you can delegate, or you can choose custom tasks to delegate various levels of control of specific attributes. Either way, the result is that the wizard will configure the ACL of the object properties to establish the control you are looking for. You can see the results on the security tab of the object properties. Susan Fosselman EDS - NMCI Messaging / Directory Services Engineer 3970 Sherman Street San Diego, CA 92110 Office: 619-817-3594 email: [EMAIL PROTECTED] -----Original Message----- From: Shadow Roldan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] hello and a question Hi I'm new to the list so excuse me if I come across as a lame-o! We have a win2k environment w/ exchange 2k. There's only one little problem I'm having with active directory, we would like to have our Admins (read administrative assistants, not sys-admins) do the chores of maintaining the active directory user information. i.e, updating a user's business phone, cell phone, address, etc. However, this person cannot have access to change anything else, such as disabling an account, adding an email address etc. I cannot, for the life of me, figure out how to assign permissions just so... Any advice would be greatly appreciated. -- Shadow Roldan IT Manager Zero G Software, Inc. tel: 1-415-512-7771 x306 cell: 1-415-370-3782 mailto: [EMAIL PROTECTED] www.ZeroG.com The leading provider of multi-platform software deployment solutions. -- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
