Due to my last request from customer I needed to delegate control for HR department to Active Directory. Main reason was: fill all fields in user profiles to has possibility to view them in Outlook.
As all know for Delegate right we have few ways:
1. Right click on OU and to delegation
2. Right click on OU, select properties -> Security etc.
But my post is more about issue with is described in title of this post. How to allow people to edit City, state, office etc.
So here is my solution:
1. Open ADSI Edit
2. Select needed OU
3. Right click Properties
4. Security tab
7. Select group our user for delegate rights (I’m prefer to use Group than user )
8. Switch from Object to Properties
9. In apply to: scroll down and select: Descendant User object
10. Find Read/Write personal information
11. Check in Read/Write personal information
Now you may install RSAT tool on user workstation and user can edit AD.
Have a good one.