Grant account write access to specific attributes on Active Directory User object
Posted
by Patricker
on Server Fault
See other posts from Server Fault
or by Patricker
Published on 2010-06-16T22:24:54Z
Indexed on
2010/06/16
22:33 UTC
Read the original article
Hit count: 286
I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes?
Attributes I need to grant permission for:
- First Name (givenName)
- Last Name (sn)
- Initials (initials)
- Department (department)
- Company (company)
- Title (title)
- Manager (manager)
- Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox)
- Work Phone (telephoneNumber)
- Pager (pager)
- IP Phone (ipPhone)
- IP Phone Other (otherIpPhone)
- ThumbnailLogo (thumbnailLogo)
- jpegPhoto (jpegPhoto)
- Description (displayName)
Thanks
© Server Fault or respective owner