[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2073
  • Last Modified:

Access denied for move object

I have installed Windows server 2003 with 32 bits  , I have delegated access for a group "TIsupport" , with new permission this group can change all object on OUs called Computer-ADM  but don't work , users can't get move the object for other OU, but can disable account machine on OU Computer-ADM . I have set  the permission of OU and all sub-object for  group with all permission, but don't work.. How can solve this problem?


 Thank very much
0
aspenbr
Asked:
aspenbr
  • 2
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
In order to move objects in AD, users must be given the Delete permission on the OU that they are moving objects from and Write permission on the OU they are moving objects to. Is this how you have it configured?
0
 
Justin OwensITIL Problem ManagerCommented:
abcbrown2010 is correct.  If you only delegated rights for that group to one specific OU, a MOVE would not be allowed, as it requires access to a different OU.  That is by design.  You normally don't want a security group which has delegated rights to OU1 to do anything to OU2.  Thus, you will need someone with higher privileges to make moves when that is necessary.  Inherited permission should allow OU1 delegates to affect sub-OUs of OU1.

Justin
0
 
aspenbrAuthor Commented:
Thank very much for new idea . For solve this problem I set permission for each OU and all sub-objects inside OU.

Thank very much
0
 
aspenbrAuthor Commented:
The solution is solve my problem
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now