After creating a security group for special permissions (edit User Objects fields like Street, ZIP etc.) I have a problem of not being able to delegate permission for the field "Country/Region" on a forest functional level of Server 2008 R2.
What I've been doing so far:
EDIT dssec.dat set co=0;
=> Country/Region is available in AD Delegation Wizard (success)
RESET CUST DELEGATIONs and DELEGATE Read/Write Control on specific fields including Country / Region
=> All specific fields except for Country/Region been able to edit
- RESET CUST DELEGATIONs and DELEGATE Permission set "Read/Write public Information"
=> All specific fields except for Country/Region been able to edit
- RESET CUST DELEGATIONs and DELEGATE Permission set "Read/Write private Information"
=> Country/Region editable as well as fields like LogonName/Logon pre W2K
I would like to know how to delegate Permission on the Country/Region field without granting too much rights!