Permissions neccessary to move user objects between OUs

J

Jason Edelen

Can anyone tell me what permissions are necessary in order to move a user
object between OUs in active directory? I'm specifically wondering if the
create and delete user objects right is required but I'd appreciate it if
anyone can either enumerate the rights or point me somewhere to find them.
Thanks in any case.
 
J

Joe Richards [MVP]

In a nutshell, if you want to move items in the DS from one container to
another, you need three permissions:
1) DELETE on the object being moved or DELETE_CHILD on the source container
2) WRITE_PROP on the object being moved for RDN and CN.
3) CREATE_CHILD on the target container

I'd swear Dmitri posted on this very topic once before....ah yes, here it
is.
http://groups.google.com/groups?q=d...=#[email protected]&rnum=1

Ah he noted something I forgot.....be sure to note his #2 with the example
for OU.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegate Move of Computer objects between 2 OUs 1
Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
permission for moving objects in AD 3
DHCP / Sites / OUs 3
Delegating permissions to move user accounts 7
Delegate permissions to move User objects 1
Inheritance on user objects with Domain Admin membership 2
user permissions to add computer acct to domain 2

Top