Delegated Users cannot delete computer from Doamin in AD

[dbouton]

I have delegated 3 users to create/delete computers in our domain.
Works fine for any new computers being added and they can delete any
computer originally added by them. However if there are existing
computers in AD that were created by Admins then it appears to the
delegated user that the computer is being deleted but they get an
Access Denied when trying to re-add it. When I look in AD I see that
it actually has not been deleted. I manually delete it and then they
can add it.

How can I fix this problem so they can delete any computer no matter
who originally added it to AD?

Thanks for any help.
Dawn

 

[ptwilliams]

How have you delegated the right to delete computer objects?

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


I have delegated 3 users to create/delete computers in our domain.
Works fine for any new computers being added and they can delete any
computer originally added by them. However if there are existing
computers in AD that were created by Admins then it appears to the
delegated user that the computer is being deleted but they get an
Access Denied when trying to re-add it. When I look in AD I see that
it actually has not been deleted. I manually delete it and then they
can add it.

How can I fix this problem so they can delete any computer no matter
who originally added it to AD?

Thanks for any help.
Dawn

 

[dbouton]

In AD I used the delgate control wizard on my domain and Join a
Computer to Domain was an option. I then edited the security
permissions to also allow delete computer objects.

Thanks
Dawn