How to delegate permissions in Microsoft Active Directory if you CANNOT see the attribute in the AD Delegation Wizard (even when you have Advanced view enabled)

Step 1 : Log on to the system where the ADUC console (dsa.msc) will be used (if you don’t know about this console, this article is not for you :) )

Step 2 : Run Notepad with administrative permissions

Step 3 : Open the following file in Notepad

%Systemroot%\System32\dssec.dat

Go to the [user] heading

Note: This file lists the attributes that you can use in the delegation wizard

Step 4 : See if you can find the name of the attribute that you want to see in the text file, and change the value of the attribute to 0 (from 7)

– If there is no entry for your attribute, you can create one with the value 0 for that attribute, but the attribute must be present in the schema

Example : change C=7 to C=0 to get attribute C in the wizard.

Values supported:

0 – Read and Write are visible in the wizard
7 – This will hide the attribute

Save the file, close the console and get a tea; sometimes you might have to wait for 20 minutes (so that all open threads are closed). Then re-launch Active Directory Users and Computers.

You should be able to see that attribute in the wizard now.
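
The edit from Steps 3 and 4, scripted in PowerShell as an added example (not part of the original article). The parameter names and the backup file name are assumptions of this example, and it does not check that the attribute exists in the schema.

```powershell
#Requires -RunAsAdministrator
# Added example: make one attribute visible in the Delegation Wizard by
# setting its entry to 0 in a section of dssec.dat (default section: [user]).
param(
    [Parameter(Mandatory)][string]$Attribute,   # attribute name as listed in dssec.dat, e.g. C
    [string]$Section = 'user',
    [string]$Path    = "$env:SystemRoot\System32\dssec.dat"
)

# Read the file and remember its encoding so it is written back unchanged.
$reader = [System.IO.StreamReader]::new($Path, [System.Text.Encoding]::Default, $true)
try     { $text = $reader.ReadToEnd(); $encoding = $reader.CurrentEncoding }
finally { $reader.Dispose() }
$lines = [System.Collections.Generic.List[string]]($text -split "`r?`n")

# Locate the section header, e.g. [user].
$start = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i].Trim() -ieq "[$Section]") { $start = $i; break }
}
if ($start -lt 0) { throw "Section [$Section] not found in $Path" }

# The section ends at the next [header] or at the end of the file.
$end = $lines.Count
for ($i = $start + 1; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -match '^\s*\[.+\]\s*$') { $end = $i; break }
}

# Change an existing entry (e.g. C=7 -> C=0), keeping the name as written.
$pattern = '^\s*' + [regex]::Escape($Attribute) + '\s*=\s*(\d+)\s*$'
$found = $false
for ($i = $start + 1; $i -lt $end; $i++) {
    if ($lines[$i] -match $pattern) {
        Write-Host "[$Section] $Attribute was $($Matches[1]); setting it to 0"
        $lines[$i] = $lines[$i] -replace '=\s*\d+\s*$', '=0'
        $found = $true
        break
    }
}
# No entry yet: create one directly under the section header.
if (-not $found) {
    Write-Host "[$Section] has no entry for $Attribute; adding $Attribute=0"
    $lines.Insert($start + 1, "$Attribute=0")
}

# Keep a timestamped copy of the original before overwriting it.
Copy-Item -Path $Path -Destination "$Path.bak-$(Get-Date -Format yyyyMMddHHmmss)"
[System.IO.File]::WriteAllText($Path, ($lines -join "`r`n"), $encoding)
```

To try it without touching the live file, point `-Path` at a copy of dssec.dat first.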