Delegate control in AD to update city and state/province

Due to my last request from customer I needed to delegate control for HR department to Active Directory. Main reason was: fill all fields in user profiles to has possibility to view them in Outlook.

As all know for Delegate right we have few ways:

1. Right click on OU and to delegation

2. Right click on OU, select properties -> Security etc.

But my post is more about issue with is described in title of this post. How to allow people to edit City, state, office etc.


So here is my solution:

1. Open ADSI Edit

2. Select needed OU

3. Right click Properties

4. Security tab

5. Advanced

6. Add..

7. Select group our user for delegate rights (I’m prefer to use Group than user )

8. Switch from Object to Properties

9. In apply to: scroll down and select: Descendant User object

10. Find Read/Write personal information

11. Check in Read/Write personal information

12. Ok

13. Ok

14. Ok.

Now you may install RSAT tool on user workstation and user can edit AD.

Have a good one.


About nicoljako

Cofounder Kresalo., sysadmin, architect of IT infrastructures
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

One Response to Delegate control in AD to update city and state/province

  1. Lieselotte says:

    Way cool! Some very vaoid points! I appreciate youu writing thiss post plis the rest
    of tthe site is extremely good.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s