Hello Graham, I realy prefer using DSAcls (or to write a VBS) to change the ACLs programmatically. You can granuarly set and verify the intended result, and if you need to delegate the same rights to other OUs or for other groups you are sure that you assigned the same rights.
Just my â0.02 Gruesse - Sincerely, Ulf B. Simon-Weidner > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Monday, September 06, 2004 11:24 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] user object attribute delegation > > dear all, am looking to explicitly delegate the modification > of 2 attributes of the user object > > these are display name / email address (as viewed in the General tab) > > using the delegation wizard and the custom delegation of the > user objects and then selecting property specfiic permissions > we don;t seem to be able to set the permissions correctly for > the attribute for the e-mail address > > selecting the Write Display name permission works correctly > > it is not immediately obvious which attribute i set to modify > the email address - Email address (Others) is listed but this > does not make the email address editable > > the only way i seem to be able to get the delegation (of the > email address) to work is to set the "write Public > information" - however this then seems to open up a whole > load of other attributes > > surely i should be able to set the delegation for this mail > address attribute only ?? > > TIA > > GT > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
