Way for non-administrator to manage contacts in Global Address Lis

Discussion in 'Active Directory' started by Amanda Cannon, Jul 4, 2008.

  1. I have created several distribution lists which are largely populated by
    contacts with external email addresses only. The contacts are in a separate
    OU to segregate them from normal users. The distribution lists are
    maintained through Outlook 2003 by a user who does not have rights to log on
    to the server. She is able to add/delete distribution list members with no

    Is there a similar method to allow her to add/delete/modify the contacts
    themselves? I modified the OU to be "managed by" this user, and I also tried
    changing the group policy for the OU to delegate the container and child to
    the user. I can see all properties, but no changes are allowed. Delete does
    nothing, and add gets me an error " you cannot create entries in this address

    What I'm looking for is a safe way to let a user manage a very limited
    subset of active directory information. Any ideas would be greatly

    Server: SBS 2003 with Exchange Server 2003. Fully up to date.
    Workstation: Windows XP SP2.

    Amanda Cannon, Jul 4, 2008
    1. Advertisements

  2. Hello Amanda,

    Rightclick the OU and choose delegate control.

    Best regards

    Meinolf Weber
    Meinolf Weber, Jul 4, 2008
    1. Advertisements

  3. Thank you for responding. I have run the delegate control wizard, and it
    seems to take, but I still can't have a user add/delete/update.

    Perhaps the more accurate question is: what software do I use to allow a
    user to update Active Directory objects within a given OU from their own
    computer? I do not want them to log on to the server, and I only want them
    to have access to the one OU. They can't make the changes through Outlook.
    Is there another piece of software that would allow this?

    Thank you,
    Amanda Cannon, Jul 5, 2008
  4. install the adminpak and create a taskpad to manage the contacts. from a
    permissions perspective you would need to delegate the permissions to that
    user or group of users to manage the contacts in the way required



    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    Jorge de Almeida Pinto [MVP - DS], Jul 7, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.