• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1511
  • Last Modified:

Active Directory OU Special Permissions


We are using Windows 2003 DC's.

One of our OU's have several containers within it. One of those containers, Container1,  has Special Permissions assigned to Group1.
I need to apply these same permissions to another container, Container2, within the same OU.

Could someone tell me the best way to do this?

  • 3
  • 2
1 Solution
Pete LongTechnical ConsultantCommented:
Hello kam_uk,

What permissions? do you mean delegated permissions?

There are times when you want to give a particular user/group, rights to do mundane tasks
like unlock accounts reset passwords etc but you DONT (for obvious reasons) want to put
them in the domain admins group. The simplest solution is to put the users into the "account
operators" group, the drawback of this is they then have those rights across the ENTIRE DOMAIN.

A more practical solution is to use the built in delegation of control wizard, for example
if your finance department want a user or group of users to be able to manage THEIR user
accounts only then simply create a finance OU (organisational Unit) in active directory
(in AD users and computers > right click [yourdomain] > new > Organisational unit)

Move the user objects into this OU (select the user(s) right click >move)

Decide weather its an individual user you want to grant rights to or a group of users. If
its a group create a group (in the OU you created) and put in the users who need the rights.

Now simply right click the new OU and select "Delegate control" follow the on screen wizard
and give the appropriate rights to the group or user.

Delegation of Control

Step-by-Step Guide to Using the Delegation of Control Wizard


kam_ukAuthor Commented:
Hi Pete

Sorry, I mean Security Permissions on the container!
kam_ukAuthor Commented:
Any idea?

Do I need to copy all the relevant Security permissions manually and apply them on the other container?
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Pete LongTechnical ConsultantCommented:
why do you need custom permissions on the OU what are you trying to achieve?
kam_ukAuthor Commented:
Just copy them across...one group has special permission applied to an OU, i need to have the same special permissions applied to another group
Probably easiest to do it manually, have two screen up - one each for the properties of each OU!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now