zenworksb
asked on
migration issue on rights to ou
i have a 2003 ad domain at a client they have all there users in one ou, but dont want to give full rights to the ou. Could they not just create a sub ou for the users in the users ou and give full rights to that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
oBdA: I don't know how you answered that, I couldn't figure out the question! ;)
LOL, he is famous for that.
you can delegate permissions on OU's by right-clicking and selecting delegate control. If that is what you are trying to do.
Well, I *did* have to read it several times...
zenworksb,
a possible problem with moving some users to a sub OU might come up with LDAP queries (scripts or third-party products) that are querying a certain OU for user authentication, and do not query sub-OUs.
Group policies will stay the same (if inheritance isn't blocked on the sub-OU, obviously).
zenworksb,
a possible problem with moving some users to a sub OU might come up with LDAP queries (scripts or third-party products) that are querying a certain OU for user authentication, and do not query sub-OUs.
Group policies will stay the same (if inheritance isn't blocked on the sub-OU, obviously).
Well, we can mitigate all of that by begging the question, what are you setting permissions for?