Grant account write access to specific attributes on Active Directory User object

Posted by Patricker on Server Fault See other posts from Server Fault or by Patricker
Published on 2010-06-16T22:24:54Z Indexed on 2010/06/16 22:33 UTC
Read the original article Hit count: 286

Filed under:
|
|

I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes?

Attributes I need to grant permission for:

  • First Name (givenName)
  • Last Name (sn)
  • Initials (initials)
  • Department (department)
  • Company (company)
  • Title (title)
  • Manager (manager)
  • Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox)
  • Work Phone (telephoneNumber)
  • Pager (pager)
  • IP Phone (ipPhone)
  • IP Phone Other (otherIpPhone)
  • ThumbnailLogo (thumbnailLogo)
  • jpegPhoto (jpegPhoto)
  • Description (displayName)

Thanks

© Server Fault or respective owner

Related posts about security

Related posts about active-directory