Delegation : Can't move Computer objects.

Discussion:

(too old to reply)

Zul

2004-04-09 11:41:23 UTC

Hi,

I have delegated all the tasks to one of the domain user (just a domain user
without the admins rights) to some of the OUs. I can moved users between
each OUs but I can't moved Computer objects, any ideas ? I have also tried
to give "Full Control" permission (under the Properties -> Security of the
OUs) to this domain user but still I can't moved the Computer objects. The
message said that "....Access is denied."

Please help me on this...

Thank you

Rgrds,
Zul

Stew Basterash

2004-04-09 14:19:52 UTC

Permalink

The User Object in question would have to be deligated rights to both the
source and destination containers in AD... i.e. You need to have read/write
computer objects for the default "Computers Container" as well as the
destination OU "Workstations" (or whatever)...

Post by Zul
Hi,
I have delegated all the tasks to one of the domain user (just a domain user
without the admins rights) to some of the OUs. I can moved users between
each OUs but I can't moved Computer objects, any ideas ? I have also tried
to give "Full Control" permission (under the Properties -> Security of the
OUs) to this domain user but still I can't moved the Computer objects. The
message said that "....Access is denied."
Please help me on this...
Thank you
Rgrds,
Zul

Zul

2004-04-10 03:02:05 UTC

Permalink

Hi,

Post by Stew Basterash
The User Object in question would have to be deligated rights to both the
source and destination containers in AD... i.e.

I have done that already by using the wizard.."Delegate control..." (right
click the OU).

Post by Stew Basterash
You need to have read/write
computer objects for the default "Computers Container" as well as the
destination OU "Workstations" (or whatever)...

I'm not that sure about the "..read/write computer objects..". Is it under
the Security tab (right click the OU, went to properties, then to the
Security tab) and give the user Permission of :

Read
Write
Special Permission (from the delegation..)

Am I doing the right thing...because I still got the "Access denied"
message..

Thank you.

Rgrds,
Zul

Post by Stew Basterash
The User Object in question would have to be deligated rights to both the
source and destination containers in AD... i.e. You need to have read/write
computer objects for the default "Computers Container" as well as the
destination OU "Workstations" (or whatever)...

Post by Zul
Hi,
I have delegated all the tasks to one of the domain user (just a domain

user

Post by Zul
without the admins rights) to some of the OUs. I can moved users between
each OUs but I can't moved Computer objects, any ideas ? I have also tried
to give "Full Control" permission (under the Properties -> Security of the
OUs) to this domain user but still I can't moved the Computer objects. The
message said that "....Access is denied."
Please help me on this...
Thank you
Rgrds,
Zul

Chriss3

2004-04-10 20:46:27 UTC

Permalink

Zul. You have to delegate create rights in the destination OU and Delete
rights in the source OU for the particular object class or for all child
objects.
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

Post by Zul
Hi,

Post by Stew Basterash
The User Object in question would have to be deligated rights to both the
source and destination containers in AD... i.e.

I have done that already by using the wizard.."Delegate control..." (right
click the OU).

Post by Stew Basterash
You need to have read/write
computer objects for the default "Computers Container" as well as the
destination OU "Workstations" (or whatever)...

I'm not that sure about the "..read/write computer objects..". Is it under
the Security tab (right click the OU, went to properties, then to the
Read
Write
Special Permission (from the delegation..)
Am I doing the right thing...because I still got the "Access denied"
message..
Thank you.
Rgrds,
Zul

Post by Stew Basterash
The User Object in question would have to be deligated rights to both the
source and destination containers in AD... i.e. You need to have

read/write

Post by Stew Basterash
computer objects for the default "Computers Container" as well as the
destination OU "Workstations" (or whatever)...

Post by Zul
Hi,
I have delegated all the tasks to one of the domain user (just a domain

user

Post by Zul
without the admins rights) to some of the OUs. I can moved users between
each OUs but I can't moved Computer objects, any ideas ? I have also

tried

Post by Stew Basterash

Post by Zul
to give "Full Control" permission (under the Properties -> Security of

the

Post by Stew Basterash

Post by Zul
OUs) to this domain user but still I can't moved the Computer objects.

The

Post by Stew Basterash

Post by Zul
message said that "....Access is denied."
Please help me on this...
Thank you
Rgrds,
Zul

Zul

2004-04-12 04:45:16 UTC

Permalink

Hi again,

Sorry if I keep on disturbing you guys with the same issue but I still can't
get it to work. Chriss, I did add in the permissions for the users
(Properties of the OU -> Security -> Advanced -> Permissions -> Add) Then I
add the user group permission to "Create All Child Objects" and "Delete All
Child Objects".

Is Terminal servicing to the server effect the problem that I have ? Is
giving the permissions to Group typed user effect the permissions ?

Thank you.

Regards,
Zul

Post by Chriss3
Zul. You have to delegate create rights in the destination OU and Delete
rights in the source OU for the particular object class or for all child
objects.
--
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup

Post by Zul
Hi,

Post by Stew Basterash
The User Object in question would have to be deligated rights to both

the