Grant account write access to specific attributes on Active Directory User object
- by Patricker
I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes?
Attributes I need to grant permission for:
First Name (givenName)
Last Name (sn)
Initials (initials)
Department (department)
Company (company)
Title (title)
Manager (manager)
Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox)
Work Phone (telephoneNumber)
Pager (pager)
IP Phone (ipPhone)
IP Phone Other (otherIpPhone)
ThumbnailLogo (thumbnailLogo)
jpegPhoto (jpegPhoto)
Description (displayName)
Thanks