troubleshooting Question

Permissions for computer objects are not inheriting from OU

Avatar of SBCC-IT
SBCC-ITFlag for United States of America asked on
Windows Server 2008Active Directory
4 Comments1 Solution138 ViewsLast Modified:
A group of technicians have been granted all delegation permissions over an OU. When they move Computer objects into the OU, they are unable to move those objects back out again. Any time they attempt to move the computer objects into a sub-OU (that also has Full Control), they receive "Access Denied" errors.

When I look at the permissions of the OU, the users have "Full Control" over the OU. When I look at the computer objects inside the OU, the users' effective permissions are only "Read" on the object itself. It seems to me that the object is not inheriting permissions from the parent OU.

The users are able to create new Computer objects in both the origin and target OUs, and they can delete existing objects in both as well. They're simply unable to move them from one to the other.

Not sure where to start with this one. Any help would be appreciated. Thanks.
ASKER CERTIFIED SOLUTION
wbsn

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros