Security to computer/user account description field

How do I enable users the rights to write/change to the AD computer/user
account description field?

 

Matt,

Have you looked at the Delegation Wizard? I have not looked at it for this
specific attribute but it is generally a good place to start. However, be
advised that you will have to document this very well as there is no
'Delegation MMC' where you can look to see what changes you have made with
it. You are simply changing things in AD and would have to look at the
attribute in question to see where things stand.

 

Basically, you create a group and grant that group write description
property.

You do this by opening DSA.MSC (or ADSIEDIT.MSC), enabling advanced view and
then pulling up the properties of the domain. Click the security tab and
choose advanced, click add and add the group. In the permissions entry for
<domain name> select properties, and change apply onto to user objects.
Choose read description and write description. Hit OK. Do the same again
but choose computers instead of users as the object type.

Note that this won't apply to members of protected groups due to
adminSDHolder:
-- http://www.msresource.net/content/view/38/46/