Active Directory OU Special Permissions

Posted on 2008-11-07
Last Modified: 2013-12-05

We are using Windows 2003 DC's.

One of our OU's have several containers within it. One of those containers, Container1,  has Special Permissions assigned to Group1.
I need to apply these same permissions to another container, Container2, within the same OU.

Could someone tell me the best way to do this?

Question by:kam_uk
    LVL 57

    Expert Comment

    by:Pete Long
    Hello kam_uk,

    What permissions? do you mean delegated permissions?

    There are times when you want to give a particular user/group, rights to do mundane tasks
    like unlock accounts reset passwords etc but you DONT (for obvious reasons) want to put
    them in the domain admins group. The simplest solution is to put the users into the "account
    operators" group, the drawback of this is they then have those rights across the ENTIRE DOMAIN.

    A more practical solution is to use the built in delegation of control wizard, for example
    if your finance department want a user or group of users to be able to manage THEIR user
    accounts only then simply create a finance OU (organisational Unit) in active directory
    (in AD users and computers > right click [yourdomain] > new > Organisational unit)

    Move the user objects into this OU (select the user(s) right click >move)

    Decide weather its an individual user you want to grant rights to or a group of users. If
    its a group create a group (in the OU you created) and put in the users who need the rights.

    Now simply right click the new OU and select "Delegate control" follow the on screen wizard
    and give the appropriate rights to the group or user.

    Delegation of Control

    Step-by-Step Guide to Using the Delegation of Control Wizard


    LVL 3

    Author Comment

    Hi Pete

    Sorry, I mean Security Permissions on the container!
    LVL 3

    Author Comment

    Any idea?

    Do I need to copy all the relevant Security permissions manually and apply them on the other container?
    LVL 57

    Expert Comment

    by:Pete Long
    why do you need custom permissions on the OU what are you trying to achieve?
    LVL 3

    Author Comment

    Just copy them group has special permission applied to an OU, i need to have the same special permissions applied to another group
    LVL 2

    Accepted Solution

    Probably easiest to do it manually, have two screen up - one each for the properties of each OU!

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now