Delegating Control of Individual Attributes! ioamnesia 7/5/2007 5:24:02 PM I've been developing an internal hta application that allows a user to view and update only certain attributes of their AD object. I'm trying to grant access to the following attributes with their uid: Department bf96794f-0de6-11d0-a285-00aa003049e2 Title bf967a55-0de6-11d0-a285-00aa003049e2 physicalDeliveryOfficeName bf9679f7-0de6-11d0-a285-00aa003049e2 Description bf967950-0de6-11d0-a285-00aa003049e2 telephonenumber bf967a49-0de6-11d0-a285-00aa003049e2 homephone f0f8ffa1-1191-11d0-a060-00aa006c33ed mobile f0f8ffa3-1191-11d0-a060-00aa006c33ed facximileTelephoneNumber bf967974-0de6-11d0-a285-00aa003049e2 manager bf9679b5-0de6-11d0-a285-00aa003049e2 So here's the deal. I am trying to write a script that will go thru ad and grant each user the rights to modify only these attributes. I can get the script to grant a single attribute but not all attributes. I would have to write an execute a separate script for each attribute which would create mutiple DACLs per user object. If I could create a custom property set that would work but i can't seem to find information for that. Any help would be appreciated.