1

After creating a security group for special permissions (edit User Objects fields like Street, ZIP etc.) I have a problem of not being able to delegate permission for the field "Country/Region" on a forest functional level of Server 2008 R2.

What I've been doing so far:

  • EDIT dssec.dat set co=0;

    => Country/Region is available in AD Delegation Wizard (success)

  • RESET CUST DELEGATIONs and DELEGATE Read/Write Control on specific fields including Country / Region

=> All specific fields except for Country/Region been able to edit

  • RESET CUST DELEGATIONs and DELEGATE Permission set "Read/Write public Information"

=> All specific fields except for Country/Region been able to edit

  • RESET CUST DELEGATIONs and DELEGATE Permission set "Read/Write private Information"

=> Country/Region editable as well as fields like LogonName/Logon pre W2K

I would like to know how to delegate Permission on the Country/Region field without granting too much rights!

Community
  • 1
Becks TibiaFun
  • 148
  • 9
  • I've made also sure that I am connected on the correct Domain Controller as well as it shouldn't matter as the replication works fine – Becks TibiaFun Feb 13 '14 at 09:45
  • As I do not have the required rep yet I'd appreciate if someone set a small Bounty, as I have spent a lot of time again today resulting in either none or too much access. – Becks TibiaFun Feb 14 '14 at 14:00

1 Answers1

0

RESET CUST DELEGATIONs and DELEGATE Permission set "Read/Write private Information"

=> Country/Region editable as well as fields like LogonName/Logon pre W2K

This step done the trick once making sure that the permissions are replicated correctly before continuing the tests

Becks TibiaFun
  • 148
  • 9