I was wondering if there was a way in active directory to limit what can be moved to specific containers?
Here's my situation - I work for a company that has 28 plants, all plants have a Domain Controller, and there is a "main" domain controller at the corporate office. Right now, no plant Lead IT Contacts have permission to move, say a new computer that has been built, into their corresponding plant computer container, they have to call up to the corp office and have them do it for them. (These permissions were removed because of the few people who did not double check their actions, and moved the computers into a computer container at a different plant, which of course messed up group policies, etc.) Is there a way to limit what can be moved by using a certain naming convention, or the like?