This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 21%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIG%3C/text%3E%3C/svg%3E)
When trying to delegate permissions on an OU to allow a user to have the ability to edit certain fields, I noticed they are still unable to manage the "Manager" field. I delegated read and write permissions to allow him to edit the Manager field and it still doesn't allow him to.
Any thoughts? Is there anywhere else I need to make these permissions changes?
Hi @IT GURU
The manager attribute is a linked attribute and is the backlink of the directReports attribute. Backlink attributes are read-only and changes to the attribute must be made on the forward link attribute, in this case directReports. You will need to delegate write access to the directReport attribute to allow the manager attribute to be changed.
Gary.
Thank you kindly for the quick response and help @Gary Reynolds ! Unfortunately, this did not work for me and the user still isn't able to edit the attribute. I confirmed the write access to the directreport attribute and that the other permissions for manager attribute were correct as well.
Do you have any other thoughts on what this could be?
What application are you using to edit the attribute and what error are you getting?
If you are not using ADCU, you have to edit the directReport attribute of the managing user and enter the DN of the user that you want to add, i.e. CN=Gary Reynolds,OU=Domain Users,DC=w2k12,DC=local
Gary.
Hi Gary,
I am using Active Directory Users and Computers to edit the attribute. It doesn't give any errors and allows the permissions on the OU to save. But when the user tries to edit the manager field for any users, it simply does not let him type in the field.
Hi @IT GURU
Sorry for the slow response, I've been away for the last week. Not sure if you have resolved your issue or not but here is some additional information.
Firstly a correction to the information I provided previously. The directReports is the backlink attribute, the manager attribute is the one that requires write permissions.
With the manager attribute, it's not possible to type directly into the field within ADUC, you must use the Change button to select the object you want to be the manager. The Change button will only be enabled if the user making the change has write access to the manager attribute.
The write access to the manage attribute can be granted in a number of ways:
If you assigning the permission at the OU level, make sure that you set the permissions to be all descendant objects or descendant user object, so the permissions are applied to the user objects in the OU.
Gary.