question

Guillaume44 avatar image
0 Votes"
Guillaume44 asked Guillaume44 commented

Delegate employeeID to non admin user

Hi,

I'm looking to delegate the employeeID attribute to a bunch of non admin user.
I can't find the attribute in the delegation Wizard.

would you have a solution?
Thank's

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered Guillaume44 commented

Hi,

I checked the user class in AD schema on my server. In the attribut list i can't find the EmployeeID either.
So, i don't think it is the cause.

What if you delegate the permission through ADSI?
109203-image.png



image.png (106.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

I found the problem.
The problem is the french translation for Employee ID.
In the delegation wizard the Label for Employee ID is not the attribut name.

So it's not employeeID like employeeNumber

It's Employee ID and in french they translate it to : Numéro D'employée
So in the list we have two employeeNumber.

I'm really sorry for that.
Thank you very much !

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,
Based on my understanding, you want to grant permission to some users that to manage the employeeID attribute of users, and when you try to use the delegation of control wizard, you can't find the attribute, right?
If i misunderstand you, please feel free to let me know.

Here is how i found the attribute in my lab:
107901-6223.jpg
107911-6222.jpg
107902-6221.jpg

Best Regards,


6223.jpg (43.6 KiB)
6222.jpg (43.0 KiB)
6221.jpg (43.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Guillaume44 avatar image
0 Votes"
Guillaume44 answered

Hi,

Yes that's my question :)
For me EmployeeID is not listed in the wizard like you :
108013-image.png



Regards


image.png (38.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT edited

Hi,
When select the object type, did you select the computer objects?
108501-image.png
If you select the computer objects, then the Employee ID will not display.
108475-image.png

You can only select the user objects
![108350-image.png][4]

Best Regards,

[4]: /answers/storage/attachments/108491-image.png




image.png (13.1 KiB)
image.png (7.1 KiB)
image.png (182.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Guillaume44 avatar image
0 Votes"
Guillaume44 answered Guillaume44 commented

Hi,

No i only select User Object.
My domain and forest functional level are 2012 R2

Regards

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Can you find the attribute under the user properties?
Which user did you use to do the delegation control?
I also try to do this on my 2008 DCs(function level 2008), the Employee ID also lists under the delegation control.

Best Regards,

0 Votes 0 ·

Hi

Yes I can find the attribut under user properties and I can edit it.
I m using the domain admin account to delegate.

Thank you
Regards

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered Guillaume44 commented

Hi,

Try to do this through the following way:
Right click the OU>properties>security>Advanced
Add the users you want to delegate permission to:
For the Applies entry, select "Descendant User Objects
Under the properties, select the Employee ID(read and apply ).
108901-6242.jpg




6242.jpg (122.5 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Same problem, i can't find the EmployeeID rights.
I don't know if it can be the problem, but if i check my user class in AD schema.

In the attribut list i can't find the EmployeeID :
108904-image.png



The employeeID attribut is in the OrganizationalPerson class which is related to the user class.

0 Votes 0 ·
image.png (10.5 KiB)

Would you please share a screenshot of the Schema as following?
108934-6243.jpg


0 Votes 0 ·
6243.jpg (110.3 KiB)

Here it is :
108962-image.png


0 Votes 0 ·
image.png (19.0 KiB)