Solved

Access denied for move object

Posted on 2010-09-20
4
1,990 Views
Last Modified: 2012-06-22
I have installed Windows server 2003 with 32 bits  , I have delegated access for a group "TIsupport" , with new permission this group can change all object on OUs called Computer-ADM  but don't work , users can't get move the object for other OU, but can disable account machine on OU Computer-ADM . I have set  the permission of OU and all sub-object for  group with all permission, but don't work.. How can solve this problem?


 Thank very much
0
Comment
Question by:aspenbr
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 33719386
In order to move objects in AD, users must be given the Delete permission on the OU that they are moving objects from and Write permission on the OU they are moving objects to. Is this how you have it configured?
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 33719578
abcbrown2010 is correct.  If you only delegated rights for that group to one specific OU, a MOVE would not be allowed, as it requires access to a different OU.  That is by design.  You normally don't want a security group which has delegated rights to OU1 to do anything to OU2.  Thus, you will need someone with higher privileges to make moves when that is necessary.  Inherited permission should allow OU1 delegates to affect sub-OUs of OU1.

Justin
0
 
LVL 1

Author Comment

by:aspenbr
ID: 33769959
Thank very much for new idea . For solve this problem I set permission for each OU and all sub-objects inside OU.

Thank very much
0
 
LVL 1

Author Closing Comment

by:aspenbr
ID: 33769974
The solution is solve my problem
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Error login w2012 domain 6 60
Unable to remove HP CP1510 deployed printer 1 41
ADFS / 365 : Multi domain single forest 5 55
Federation ID format? 3 31
One of the most frustrating experiences a help desk technician will ever encounter is when a customer comes to them with a solution of their own invention and expects the tech to implement it. This often happens when people with a little bit of tech…
Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now