I'm trying to give my bind user account the ability to write to the directReports attribute. When I get into the properties, almost every other attribute has a read and a write option. I only see "Read Direct Reports." No "Write Direct Reports."
This is AD 2003.
I've gone through the Delegate Control wizard and there was a Read and Write Direct Reports. I ticked both of them, tried to write, but still cannot.
Anybody know what's going on and why I can't delegate control to this attribute?
Thanks all!
Try using ADSI Edit to modify the ACL for the OU containing the users that you want your bind account to modify. ADSI Edit isn't as simple as the delegation wizard, but it does give you full control.
Another option would be to add your bind user account to the Account Operators security group, although that would allow it to modify all account properties and not just this particular one.