Need to grant specific rights to computer objects in AD

I am trying to come up with a way to allow Help Desk staff to Add/Remove/Move Computer objects in AD.By move I mean move from one OU to another. I was looking at the Delegation Wizard in ADUC but could not figure it out. I want just these rights and nothing else so if I add a Help Desk member to a group I delegated rights to, that is all they can do.

Active Directory

Last Comment

osiexchange

8/22/2022 - Mon

KenMcF

11/16/2010

You can follow the steps in this link to allow them to add the computers to the doamin. I would recommend creating a secuirty group and adding the group to the GPO. Then add all your help desk users to that group.

http://www.windowsitpro.com/article/domains2/jsi-tip-8144-how-can-i-allow-an-ordinary-user-to-add-a-computer-to-a-domain-.aspx

ASKER CERTIFIED SOLUTION

Mike Kline

11/16/2010

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

osiexchange

11/16/2010

ASKER

The newer inf file does add a lot of rights from the default but I did not see anythingi in there about moving a computer object. The miicrosoft article seems to cover moving and removing but not adding.

Do you know if chaniging the inf file does anything to rights already delegated using the old inf file?

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

Certified Expert Program

Credly Partnership

Udemy Partnership