I vote not allowing a regular user to run powershell. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jack Kramer Sent: Monday, October 16, 2017 8:57 AM To: [email protected] Cc: ActiveDir Mailing List Subject: Re: [NTSysADM] Is it possible to allow users to update just 1 field in AD?
What about having her execute a PS script to do that? She’d still need permissions but it’d be a lot harder for her to get into trouble if she doesn’t have an interface to mess around with. ---- Jack Kramer, Senior Consultant Small Type Computing - www.smalltype.net W: 855-765-8973 x101 - C: 248-635-4955 > On Oct 16, 2017, at 8:44 AM, Michael Leone <[email protected]> wrote: > > I have a user, who needs to do 2 things in AD. > > 1. She needs to lookup a user, to see what their login ID is (it has > to match what is in our Cisco VOIP, I'm told). And then ... > 2. She needs to input a value in the "IP Phone" field. (apparently, > the Cisco software does an LDAP lookup of this field). > > Is it possible to delegate the right to change just that one field to > a user? (I think not) We don't want her to inadvertently delete a > user, or change anything else. We're just tired of her calling the > help desk to do simple lookups, or enter a phone number that she > should (might?) be able to do herself. > > Mind you, I did an export of all user logins, which was supposed to be > fed into the Cisco system. So why they think the logins don't match, I > don't know. And don't have time (or inclination) to deal with. > > Thanks for any advise. > >
