create computer object

G

Guest

I have given our helpdesk group create and delete computer object over the
entire domain.

However, they are still not able to drag a computer out of the built in
computer OU to one of the OU's that we have created for policies.

Is there an additional permission that I need to give?

Thanks in advance for any help,
Hutch
 
G

Guest

You will need to delegate those users administration to that OU.
They will then be able to drag/move computers into the OU
 
G

Guest

If by saying delegate administration of that OU, if you mean to just give
them create and delete computer objects of the OU the objects are being moved
to, they already have that.

Or do I need to grant them permissions above that?

Thanks,
Hutch
 
G

Guest

Hutch,

You are on the right track.

In order to allow moves between OU's the user you are delegating will also
need delete object permissions on the built on computer OU.

So the user needs at least delete permission (althoug it is not actually
deleting) on the built-in computer ou and create permission on the OU the
user needs to move the computer to.

You may also need to give the write-all-properties permission to the
delegated user so that the object's ou location etc can be updated.

Hope this helps.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Propagation Withing AD 2000 4
Migration with ADMT 1
Delgation Question 2
Groups and OU's 3
Create workstation account in OU 2
Delegating Administrative rights to OU's 5
How do I apply a GPO to an individual user for his computer only? 2
OU/Container Question Rephrased 2

Top