now that we set up exchange here we would like our HR guy to be able to edit personal information of other users in AD, so that we can have more of a unified way of looking all this up.the hr guy should not be anywhere close to a domain admin. but i would like him to be able to edit "company" "department" "Title" "phone number" etc. for any user in the tree or at LEAST any mailbox enabled user.what would be the best way to do this?seems like he could do this under the address book in outlook 2k3 if he had permissions.. but i am not sure..thanks!

check out: http://www.directory-update.com/

seems a little pricey for an over-glorified way of updating user information. i mean 400 dollars so my HR guy can update contact info?thanks for the help tho.. i might have to break down and buy this is if there isn't another alternative..seems like it should just be some permission setting i can give him so i can just update the address book in his own outlook, no?

You can give the user permission to update just specific attributes if you know the Active Directory Users and Computers delegation wizard really well. If you don't, you may end up spending hours or even days figuring out the right persmissions. Bottom line is that you already have the tool you need to accomplish the task of allowing someone like an HR person to do this; that is Active Directory Users and Computers. Look at the Delegation Wizard and you will see that you can delegate permissions to just read or write specific attributes; not simple but you can do it. But you have to install the ADMINPAK.MSI on your HR person's computer so that he/she can use ADUC. Outlook will not allow a user to update information which is too bad because that would be the simplest way to do it. The valueof 3rd party tools like Ithicos Solution's Directory Manager, Imanami's WebDir (we use WebDir), or The DotNet Factory's EmpowerID is that they let you simplify the interface for someone like an HR person and they let you more easily enforce the types of information they can update in Active Directory. For example, you can enforce phone number formats and allow the HR person to only select specific department numbers. For an HR person, ADUC is probably just "too much" tool. There are some other tools on Slipsticks Systems site, too.