Simple Question
Didn't see an AD board so I posted here, sorry. I'm giving a user permission in AD to update the Outlook global address book viewable settings (phone, title, company, etc.). I've got everything except Office. In AD user properties, on the General tab, there is a field called Office. The LDAP name is physicalDeliveryOfficeName. I can't find anything even close to these names in the advanced security settings when granting read/write access. Anyone know what it is called in the advanced security properties?
May 14th, 2008 7:01pm

If it were only that easy. Basically, physicalDeliveryOfficeName is hidden by default from the ACL view in the properties of the objects.

If you want an easy answer, then grant the user Write to the Personal Information permission...and they will be able to write to the "Office" field in ADUC. However, this does grant them access to additional things too. Items in the Personal Information set are:

assistant, c, facsimileTelephoneNumber, homePhone, homePostalAddress, info, internationalISDNNumber, ipPhone, l, mobile, mSMQDigests, mSMQSignCertificates, otherFacsimileTelephoneNumber, otherHomePhone, otherIpPhone, otherMobile, otherPager, otherTelephone, pager, personalTitle, physicalDeliveryOfficeName, postalAddress, postalCode, postOfficeBox, preferredDeliveryMethod, primaryInternationalISDNNumber, primaryTelexNumber, publicDelegates, registeredAddress, st, street, streetAddress, telephoneNumber, teletexTerminalIdentifier, telexNumber, thumbnailPhoto, userCert, userCertificate, userSharedFolder, userSharedFolderOther, userSMIMECertificate, x121Address

However, if you want to be more granular then you have to expose the physicalDeliveryOfficeName in the ADUC UI. Close ADUC and then edit the %windir%\system32\dssec.dat file (in Notepad) and look for the [User] section. Change the physicalDeliveryOfficeName entry from 7 to 0. Then, going to the ACL editor in ADUC, you will find you have Read Office Location and Write Office Location entries for user objects.

Note: you can now also use the Delegation Wizard, as the Office Location properties will be exposed in there too.

WARNING: Make a copy of your DSSEC.DAT file before editing (rename it to .old or something)....just in case something disastrous happens!

- Stuart Hudman
May 15th, 2008 3:19am
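
The dssec.dat edit described in the answer above, scripted so that the backup is taken first and only the entry inside the [User] section is changed. This is an added example, not part of the original thread; it assumes the file consists of `[section]` headers followed by `attribute=value` lines (as the answer implies) and that it is run from an elevated PowerShell prompt on the machine where ADUC is used, with ADUC closed.

```powershell
# Added example (not from the original thread). Assumes dssec.dat holds
# "[section]" headers followed by "attribute=value" lines, as the answer implies.
$Path      = Join-Path $env:windir 'system32\dssec.dat'
$Section   = 'User'
$Attribute = 'physicalDeliveryOfficeName'

function Set-DssecEntry {
    param([string[]]$Lines, [string]$Section, [string]$Attribute, [string]$Value)
    $inSection = $false
    $changed   = $false
    $pattern   = '^\s*' + [regex]::Escape($Attribute) + '\s*='
    $out = foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            # Track which section we are in; the same attribute name can
            # appear under other object classes and must stay untouched.
            $inSection = ($Matches[1] -ieq $Section)
        }
        elseif ($inSection -and $line -match $pattern) {
            $line    = "$Attribute=$Value"
            $changed = $true
        }
        $line
    }
    # Fail loudly rather than rewrite the file with no effective change.
    if (-not $changed) { throw "No '$Attribute' entry found in [$Section]." }
    $out
}

# Keep an untouched copy first; never overwrite an existing backup.
$backup = "$Path.old"
if (-not (Test-Path $backup)) { Copy-Item -Path $Path -Destination $backup }

# Read with byte-order-mark detection so the file is written back in the
# encoding it was found in.
$reader = New-Object System.IO.StreamReader($Path, [System.Text.Encoding]::Default, $true)
try { $text = $reader.ReadToEnd(); $encoding = $reader.CurrentEncoding }
finally { $reader.Dispose() }

# 0 makes both the Read and Write entries visible, per the answer above.
$lines   = $text -split "\r?\n"
$updated = Set-DssecEntry -Lines $lines -Section $Section -Attribute $Attribute -Value '0'
[System.IO.File]::WriteAllText($Path, ($updated -join "`r`n"), $encoding)
```

Reopen ADUC afterwards; the Read Office Location and Write Office Location entries then appear in the ACL editor and the Delegation Wizard, so the user can be granted that one attribute instead of the whole Personal Information set.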

This topic is archived. No further replies will be accepted.
