We have 1 DC in our Head Office and 4 DCs in different branch offices. All the DCs are running Windows Server 2008 R2 and all are connected through an MPLS network. We have created a different OU for each branch, and users are created there.
I would like to restrict permissions OU-wise on the servers. For example, the branch1 Administrator should have rights only for his OU. He should create users only in that OU; he should not make any changes in other OUs.
I have right-clicked on the OU and delegated control to a user that I need to administer that OU. But still I’m unable to access any DC through mstsc using this user. I’m receiving the following message while logging in through mstsc: “The connection was denied because the user account is not authorized for remote login”.