Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need help delegating permissions in AD

Posted on 2008-10-01
1
Medium Priority
?
251 Views
Last Modified: 2012-05-05
I want to give a group permission to:

Join a PC to the domain
Move the PC to a different location in AD

I have read another question here which suggests I need to give the group rights to Create Computer Objects and Delete Computer Objects at both the default "Computers" OU and the OU I want the group to move the computer to

Can join PC to domain, but not move PC to different OU

Any ideas?
0
Comment
Question by:Jammydixon2k
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
cybersean earned 2000 total points
ID: 22619804
Try these steps to delegate controll (perform on both OUs).  Note, I have reset password in there, but you can probably leave that step out.

Active Directory Users and Computers
1.      Right-click Computers and click Delegate Control
2.      Click Next
3.      Click Add
4.      Enter YourGroupName Group
5.      Click Next
6.      Highlight Create a custom task to delegate
7.      Click Next
8.      Highlight Only the following objects in the folder
9.      Check Create selected objects in this folder
10.      Check Delete selected objects in this folder
11.      Click Next
12.      Check Read All Properties
13.      Check Write All Properties
14.      Check Reset Password
15.      Check Read and Write Account Restrictions
16.      Check Validated Write to DNS Host Name
17.      Check Validated Write to Service Principal Name
18.      Click Finish
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question