Yes, you can delegate those permissions to read/modify/delete attributes and objects through the Delegate wizard in ADUC.
On Oct 16, 2017 09:24, "Jack Kramer" <[email protected]> wrote: > What about having her execute a PS script to do that? She’d still need > permissions but it’d be a lot harder for her to get into trouble if she > doesn’t have an interface to mess around with. > ---- > Jack Kramer, Senior Consultant > Small Type Computing - www.smalltype.net > W: 855-765-8973 x101 - C: 248-635-4955 > > > On Oct 16, 2017, at 8:44 AM, Michael Leone <[email protected]> wrote: > > > > I have a user, who needs to do 2 things in AD. > > > > 1. She needs to lookup a user, to see what their login ID is (it has > > to match what is in our Cisco VOIP, I'm told). And then ... > > 2. She needs to input a value in the "IP Phone" field. (apparently, > > the Cisco software does an LDAP lookup of this field). > > > > Is it possible to delegate the right to change just that one field to > > a user? (I think not) We don't want her to inadvertently delete a > > user, or change anything else. We're just tired of her calling the > > help desk to do simple lookups, or enter a phone number that she > > should (might?) be able to do herself. > > > > Mind you, I did an export of all user logins, which was supposed to be > > fed into the Cisco system. So why they think the logins don't match, I > > don't know. And don't have time (or inclination) to deal with. > > > > Thanks for any advise. > > > > > >
