I want to be able to grant rights to 2 people in the HR department to be able to modify the following fields in AD (I am using Delegate Control wizard):
General tab:
First name/Display name/Description/Office/Telephone number
Address tab:
Street/P.O. Box/City/State province/Zip Postal Code/Country region
Telephones tab:
Home/Pager/Mobile/Fax/IP phone/Notes
Organization tab:
Job Title/Department/Company/Manager/Direct Reports
note 1: If I use .qds file (dsquery, OpenQueryWindow) on their desktop. Everything but the assign a "Manager" field is working. They need to be able to assign a Manager.
note 2: If I use the mmc snap-in for Active Directory Users & Computers. Everything works but, its too much access. They would be able to add/remove Users.
How can I over come this?
Tommy