Solved

Need help delegating permissions in AD

Posted on 2008-10-01
1
237 Views
Last Modified: 2012-05-05
I want to give a group permission to:

Join a PC to the domain
Move the PC to a different location in AD

I have read another question here which suggests I need to give the group rights to Create Computer Objects and Delete Computer Objects at both the default "Computers" OU and the OU I want the group to move the computer to

Can join PC to domain, but not move PC to different OU

Any ideas?
0
Comment
Question by:Jammydixon2k
1 Comment
 
LVL 4

Accepted Solution

by:
cybersean earned 500 total points
ID: 22619804
Try these steps to delegate controll (perform on both OUs).  Note, I have reset password in there, but you can probably leave that step out.

Active Directory Users and Computers
1.      Right-click Computers and click Delegate Control
2.      Click Next
3.      Click Add
4.      Enter YourGroupName Group
5.      Click Next
6.      Highlight Create a custom task to delegate
7.      Click Next
8.      Highlight Only the following objects in the folder
9.      Check Create selected objects in this folder
10.      Check Delete selected objects in this folder
11.      Click Next
12.      Check Read All Properties
13.      Check Write All Properties
14.      Check Reset Password
15.      Check Read and Write Account Restrictions
16.      Check Validated Write to DNS Host Name
17.      Check Validated Write to Service Principal Name
18.      Click Finish
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question