0

I am using Active Directory Users and Computers version 6.1.7601.17514

I am attempting to delegate the ability for our HR users to edit the First and Last Name for user accounts in Active Directory. I am using the Active Directory Delegation of Control Wizard to do this. My process is like so:

  1. Right click the OU
  2. Delegate Control
  3. add my group
  4. create a custom task to delegate
  5. Only the following objects in the folder
  6. check User Objects
  7. uncheck General and check Property-specific

I can find First Name (and all the other attributes I want to delegate the control of) but not Last Name. I did some searching and found that some of these attributes may be filtered out. Apparently if one edits dssec.dat found in %systemroot%\system32 and changes sn=7 to sn=0 in the [user] section this should allow the Last Name attribute to be viewed in the Delegation of Control Wizard. I have done this but Last Name still doesn't show up for Read/Write.

Does anyone know why?

Slipeer
  • 3,255
  • 2
  • 18
  • 32
ComputerUser5243
  • 11
  • 5

1 Answers1

1

I've changed sn=7 to sn=0 and now I can see Last Name attribute.

Don't forget to restart ADUC after changes made to dssec.dat

Slipeer
  • 3,255
  • 2
  • 18
  • 32
toxikas
  • 11
  • 1