|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Change Active Directory InformationHi there
I was wondering how I can enable users to change their own personal information in Active Directory for the purposes of the Address book in Outlook. We currently have Windows 2003 domain with Exchange 2003. A number of users are constantly moving between departments and sites due to the nature of our organisation. We would like to remove this administrative burden from ourselves and grant the user the rights to change basic information such as their address details, telephone etc. Any assistance on this would be greatly appreciated. Kind Regards Gareth Saunders BOFH Gareth,
Have you considered the Delegation Wizard? Be very careful with this. You do not want to give away the house. And, are you using Query-based Distribution lists? This might help in your situation, also. -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "Gareth Saunders" <GarethSaund***@discussions.microsoft.com> wrote in message news:7F68B4CD-2F30-4F11-91B9-F63BBEB506D5@microsoft.com... > Hi there > > I was wondering how I can enable users to change their own personal > information in Active Directory for the purposes of the Address book in > Outlook. We currently have Windows 2003 domain with Exchange 2003. A > number > of users are constantly moving between departments and sites due to the > nature of our organisation. We would like to remove this administrative > burden from ourselves and grant the user the rights to change basic > information such as their address details, telephone etc. > > Any assistance on this would be greatly appreciated. > > Kind Regards > > Gareth Saunders > BOFH By default each user is granted permissions through the SELF security
principal to change the attributes that belong to the following property sets for their own account: * Personal Information Set * Phone and Mail Options Set * Web Information Set Of course you want to know which attributes are in each property set... query AD for it... (1) (A) adfind -config -f "(&(objectCategory=controlAccessRight)(displayName=Personal Information))" rightsGUID dn:CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=ADCORP,DC=LAN >rightsGuid: 77B5B886-944A-11d1-AEBD-0000F80367C1 (B) adfind -schema -f"(&(objectCategory=attributeSchema)(attributeSecurityGUID={{GUID:77B5B886-944A-11d1-AEBD-0000F80367C1}}))" -binenc -nodn ldapdisplayname Show quoteHide quote >lDAPDisplayName: streetAddress 41 Objects returned>lDAPDisplayName: homePostalAddress >lDAPDisplayName: assistant >lDAPDisplayName: info >lDAPDisplayName: c >lDAPDisplayName: facsimileTelephoneNumber >lDAPDisplayName: internationalISDNNumber >lDAPDisplayName: l >lDAPDisplayName: mSMQDigests >lDAPDisplayName: mSMQSignCertificates >lDAPDisplayName: personalTitle >lDAPDisplayName: otherFacsimileTelephoneNumber >lDAPDisplayName: otherHomePhone >lDAPDisplayName: homePhone >lDAPDisplayName: otherIpPhone >lDAPDisplayName: ipPhone >lDAPDisplayName: primaryInternationalISDNNumber >lDAPDisplayName: otherMobile >lDAPDisplayName: mobile >lDAPDisplayName: otherTelephone >lDAPDisplayName: otherPager >lDAPDisplayName: pager >lDAPDisplayName: physicalDeliveryOfficeName >lDAPDisplayName: thumbnailPhoto >lDAPDisplayName: postOfficeBox >lDAPDisplayName: postalAddress >lDAPDisplayName: postalCode >lDAPDisplayName: preferredDeliveryMethod >lDAPDisplayName: registeredAddress >lDAPDisplayName: st >lDAPDisplayName: street >lDAPDisplayName: telephoneNumber >lDAPDisplayName: teletexTerminalIdentifier >lDAPDisplayName: telexNumber >lDAPDisplayName: primaryTelexNumber >lDAPDisplayName: userCert >lDAPDisplayName: userSharedFolder >lDAPDisplayName: userSharedFolderOther >lDAPDisplayName: userSMIMECertificate >lDAPDisplayName: x121Address >lDAPDisplayName: userCertificate (2) (A) adfind -config -f "(&(objectCategory=controlAccessRight)(displayName=Phone and Mail Options))" rightsGUID dn:CN=Email-Information,CN=Extended-Rights,CN=Configuration,DC=ADCORP,DC=LAN >rightsGuid: E45795B2-9455-11d1-AEBD-0000F80367C1 (B) adfind -schema -f"(&(objectCategory=attributeSchema)(attributeSecurityGUID={{GUID:E45795B2-9455-11d1-AEBD-0000F80367C1}}))" -binenc -nodn ldapdisplayname 0 Objects returned (3) (A) adfind -config -f "(&(objectCategory=controlAccessRight)(displayName=Web Information))" rightsGUID dn:CN=Web-Information,CN=Extended-Rights,CN=Configuration,DC=ADCORP,DC=LAN >rightsGuid: E45795B3-9455-11d1-AEBD-0000F80367C1 (B) adfind -schema -f"(&(objectCategory=attributeSchema)(attributeSecurityGUID={{GUID:E45795B3-9455-11d1-AEBD-0000F80367C1}}))" -binenc -nodn ldapdisplayname >lDAPDisplayName: wWWHomePage 2 Objects returned>lDAPDisplayName: url or goto: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/property_sets.asp ;-) -- Show quoteHide quoteCheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ----------------------------------------------------------------------------- * This posting is provided "AS IS" with no warranties and confers no rights! * Always test before implementing! ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- "Gareth Saunders" <GarethSaund***@discussions.microsoft.com> wrote in message news:7F68B4CD-2F30-4F11-91B9-F63BBEB506D5@microsoft.com... > Hi there > > I was wondering how I can enable users to change their own personal > information in Active Directory for the purposes of the Address book in > Outlook. We currently have Windows 2003 domain with Exchange 2003. A > number > of users are constantly moving between departments and sites due to the > nature of our organisation. We would like to remove this administrative > burden from ourselves and grant the user the rights to change basic > information such as their address details, telephone etc. > > Any assistance on this would be greatly appreciated. > > Kind Regards > > Gareth Saunders > BOFH 
Other interesting topics
|
|||||||||||||||||||||||
