Solved

Active Directory Permission Group Issue

Posted on 2006-06-26
5
152 Views
Last Modified: 2013-12-04
Our organization has a group of Service Techs that are allowed to reset passwords, add computers to the domain, Make changes within their own OU but not other OU's. I am trying to set it so the service techs are not allowed to Create or Delete users but do everything else with in their own OU. Any suggestions on specific deny's?
0
Comment
Question by:phil1429
5 Comments
 

Accepted Solution

by:
mteske earned 84 total points
ID: 16984983
Right click on the OU, select Delegate control, specify the Tech group and you can basically give them any permission needed to perform their tasks...you can get as finite as just allowing them to simply change fax numbers...of course, this is a wizard...

m
0
 
LVL 16

Assisted Solution

by:mdiglio
mdiglio earned 83 total points
ID: 16987141
Hello,

This will make more sense after you step through it once.

Open AD Users and Computers > click view > make sure 'Advanced Features' is checked
Right click on the OU > properties >  'security' tab > 'advanced' button.
Now locate the Tech Group and edit the listing that gives them the create ability.

You can give them the deny permission for creating user accounts like you said
or you can remove the create permission and that should be enough
0
 
LVL 9

Assisted Solution

by:rpartington
rpartington earned 83 total points
ID: 16996670
http://www.experts-exchange.com/Operating_Systems/Q_21605914.html
Same as the 2 above for a similar query amy help you understand it.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question