How do you delete a MSMQ object in AD
Posted on 2011-02-23
I am trying to set up our Help Desk members to be able to delete Computer accounts in AD. I set up the necessary permissions and they keep getting access denied. Long story short, all our Computer objects have a child object called MSMQ (cn=msmq) and this is causing the access denied problems. I proved this by using ADSIEdit to delete this msmq child object and after that, the Help Desk was able to delete the Computer object. My question is what right or permission do I need to grant them to also delete the MSMQ object along with the Computer object. I have been experimenting with just about every right and nothing works, or, is it a right problem at all but something else that needs to be done. I certainly can't use ADSIEdit every time they need to delete a Computer object.