This article provides instructions on configuring the SYNERGIX AD Client Extensions self service feature to manage Active Directory User General Information. It also provides additional steps required to delegate control in Active Directory.
In order to update user properties, the Self security principal must be granted WRITE permission on the desired attributes.
- Log into a domain computer with your domain admin account.
- Launch “Active Directory Users and Computers” management console or run DSA.MSC.
- Select the domain object or an organizational unit that you wish to manage.
- Launch the Delegate Control wizard.
- In the ‘Welcome to the Delegation of Control wizard’ dialog box, click on Next
- In the ‘Users and Groups’ dialog box, click on Add
- In the ‘Select Users, Computers or Groups’ dialog box and in the ‘Enter the object name to select’ text box, type ‘Self’ and click on ‘Check Names’ button to validate the entry. Click on OK to accept the entry and to return back to the ‘Users and Groups’ dialog box.
- Verify that ‘Self is listed in the ‘Selected Users and Groups’ list. Click on Next.
- In the ‘Tasks to delegate’ dialog box, click on ‘Create a custom task to delegate’. Click on Next
- In the ‘Active Directory Object Type’, click on ‘Only the following objects in the folder ..’ and from the list, select ‘User objects’. Do not check ‘Create selected objects in the folder’ and ‘Delete selected objects in the folder’. Click on Next to proceed.
- It is recommended that you grant only necessary permissions to the Self security principal. For example, if you wish to grant the user permission to update their Office Telephone number, grant “Write Telephone Number” by checking the Permission entry in the list. Click on Next after you have made your choice.
- In the ‘Completing the Delegation of Control’ wizard, review the information and click on Finish to apply the changes