RE: Assigning some rights to users


From: Pat Cai[MSFT] (v-patcai_at_online.microsoft.com)
Date: 03/03/05


Date: Thu, 03 Mar 2005 07:27:11 GMT

Hi,

The address, telephone etc information belongs to the User object in AD. We
are unable to modify them in Outlook.

My understanding of your concern is: You want your clients to update their
own personal information that is displayed in the GAL. For this purpose, we
have a utility, GAL MOD. A user can modify his personal data, including
telephone, address, company etc., by using this utility. For some reasons,
this utility has not been published yet, so please give me your available
email address and I will send it to you directly. My email address is
v-patcai@microsoft.com.

Note:

1. By default, an ordinary user only has permission to modify his own
personal info, but not that of others.
2. This utility is provided with no warranties; you use it at your own
risk if you choose to use it.

If you want to have someone (not the system admin) also be able to modify
others' information, you should delegate some AD permissions to him. To do
so:

1. Open "AD Users & Computers"

2. Right click the Users container and select "Delegate Control"

3. Add the Group or User that you want to delegate this permission to, to
the list.

4. Select "Create a custom task to delegate"
Select "Only the following objects in the folder:"
Select "USER OBJECTS"

5. Under Permissions, check "General", select "Write Personal
Information" and then click OK
 
Note: Users having admin rights cannot be changed by the delegated
users. For normal users, if you find that you cannot edit personal
information for a normal user, it is because this user object blocks
security inheritance. You can confirm it by the following steps:
 
1. Open ADU&C, click View, and select "Advanced Features"
 
2. Right click the user -> Properties -> Security. The Group you delegated
is not listed.

3. Click Advanced; you should see that "Allow inheritable permissions from
the parent to propagate to this object and all child objects." is not checked.
 
Therefore, the user object does not inherit security settings when you
delegate the permissions. To work around the issue, you could manually add
the permission to the user. Or, you could check "Allow inheritable
permissions" on the user and run the delegate wizard again.

Hope the information helps.

Since it is an AD problem in nature, if you still have questions
regarding this "delegate control" process, I also suggest you post a new
thread in the following newsgroup, so that you can get more assistance
from those who mainly focus on AD.
 
Microsoft.public.win2000.active_directory

Hope the information helps.

Regards,

Pat Cai
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada. This and
other support options are available here:

BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default.aspx?scid=%2finternational.aspx.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
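
The inheritance check described in the post can be run across a whole container instead of one user at a time. The following PowerShell is an added example, not part of the original post or any Microsoft tool; the container DN and group name are placeholders, and it assumes the ActiveDirectory module (RSAT) is available.

```powershell
# Added example: list user objects that a "Write Personal Information"
# delegation will not reach. Names below are placeholders (assumptions).
Import-Module ActiveDirectory

$SearchBase     = 'CN=Users,DC=example,DC=com'    # placeholder container
$DelegatedGroup = 'EXAMPLE\GAL-Editors'           # placeholder delegated group
# rightsGuid of the "Personal Information" property set in the AD schema
$PersonalInfo   = [guid]'77B5B886-944A-11d1-AEBD-0000F80367C1'

function Get-DelegationGap {
    param([string]$SearchBase, [string]$Group, [guid]$PropertySet)

    $write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties nTSecurityDescriptor, adminCount |
        ForEach-Object {
            $sd    = $_.nTSecurityDescriptor
            # Explicit and inherited ACEs, with trustees resolved to DOMAIN\name
            $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
            # Only the property-set ACE is matched here; broader grants
            # (e.g. GenericAll) held by the group are not counted.
            $aces  = @($rules | Where-Object {
                $_.IdentityReference.Value -eq $Group -and
                $_.AccessControlType -eq 'Allow' -and
                (($_.ActiveDirectoryRights -band $write) -eq $write) -and
                $_.ObjectType -eq $PropertySet
            })
            [pscustomobject]@{
                SamAccountName     = $_.SamAccountName
                # True = "Allow inheritable permissions..." is unchecked
                InheritanceBlocked = $sd.AreAccessRulesProtected
                # 1 = ACL is managed by AdminSDHolder (privileged account)
                AdminCount         = $_.adminCount
                HasDelegatedAce    = ($aces.Count -gt 0)
            }
        }
}

# Report only the accounts the delegated group cannot currently edit
Get-DelegationGap -SearchBase $SearchBase -Group $DelegatedGroup -PropertySet $PersonalInfo |
    Where-Object { $_.InheritanceBlocked -or -not $_.HasDelegatedAce } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Accounts listed with AdminCount set to 1 are the "users having admin rights" case from the post; the remaining rows with InheritanceBlocked set to True are the ones where the two workarounds in the post apply.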


