[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


AD delegation question/problem

Posted on 2004-10-28
Medium Priority
Last Modified: 2013-12-04
Question about delgating rights to an OU in Active Directory.  I delegated rights to XYZ user to create/delete computer object to this object and all child objects in an OU.  XYZ user can create and delete computer objects that it creates.  The problem that I am having is that if another user creates a computer object in the same OU, XYZ can't delete or reset the computer account.  

Question by:kck7
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 16

Accepted Solution

JamesDS earned 500 total points
ID: 12436892
This is because you didn't enforce inheritance.

In AD Users and computer tool, click view and advanced features
Rightclick on the OU you have delegated access to and select properties
In the security tab, press advanced and select the check box at the bottom of the dialog that refers to "Allow inheritable permissions..."

This will ensure that each NEW object that is created will inherit the rights from the OU container itself - so provided you have configred the rights correctly user XYZ will automatically get the rights over the new objects.



Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question