How can I restrict helpdesk staff from deleting, renaming or moving an OU?
Posted on 2007-09-29
In our AD environment, the helpdesk staff have rights to manage both OUs and user accounts. We want to restrict their rights to user accounts alone. They should not be able to delete, rename, or move an OU, while they should be able to do all these operations on user accounts. We cannot use the built-in group "Account Operators" for this purpose as we do not have rights to add users to this group. Can we restrict the rights by setting permissions on the OU? If so, what permissions need to be set? Kindly advise.