Rights on OUs
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Rights on OUs

 
Post new topic   Reply to topic    Windows Server Forum Index -> Active Directory
Author Message
Gabe - GMail
Guest
Posted: Fri Jan 14, 2005 1:08 pm    Post subject: Rights on OUs Reply with quote
I want to be able to delegate two OUs (OU-A and OU-B) with minimal rights
granted to a domain local group called DL-Acct.

I want members of the group to be able to move computer accounts from OU-A
to OU-B. What rights does the group need on each OU?

Any help appreciated.

Thanks,
Gabe
--
Back to top
Dmitry Korolyov [MVP]
Guest
Posted: Fri Jan 14, 2005 5:12 pm    Post subject: Re: Rights on OUs Reply with quote
Create computer accounts in OU-B
Delete computer accounts in OU-A

I would also grant Manage computer accounts in both OUs

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Directory Services


"Gabe - GMail" <gabe.eapen@gmail.com> wrote in message
news:%23QadZfg%23EHA.1076@TK2MSFTNGP10.phx.gbl...
Quote:
I want to be able to delegate two OUs (OU-A and OU-B) with minimal rights
granted to a domain local group called DL-Acct.

I want members of the group to be able to move computer accounts from OU-A
to OU-B. What rights does the group need on each OU?

Any help appreciated.

Thanks,
Gabe
--


Back to top
Joe Richards [MVP]
Guest
Posted: Sat Jan 15, 2005 12:51 am    Post subject: Re: Rights on OUs Reply with quote
This is from a previous post from MS that I googled.


In a nutshell, if you want to move items in the DS from one container to
another, you need three permissions:
1) DELETE on the object being moved or DELETE_CHILD on the source container
2) WRITE_PROP on the object being moved for RDN and CN.
3) CREATE_CHILD on the target container

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Gabe - GMail wrote:
Quote:
I want to be able to delegate two OUs (OU-A and OU-B) with minimal rights
granted to a domain local group called DL-Acct.

I want members of the group to be able to move computer accounts from OU-A
to OU-B. What rights does the group need on each OU?

Any help appreciated.

Thanks,
Gabe
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Active Directory All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB