Avatar of SBCC-IT
Flag for United States of America

asked on 

Permissions for computer objects are not inheriting from OU

A group of technicians have been granted all delegation permissions over an OU. When they move Computer objects into the OU, they are unable to move those objects back out again. Any time they attempt to move the computer objects into a sub-OU (that also has Full Control), they receive "Access Denied" errors.

When I look at the permissions of the OU, the users have "Full Control" over the OU. When I look at the computer objects inside the OU, the users' effective permissions are only "Read" on the object itself. It seems to me that the object is not inheriting permissions from the parent OU.

The users are able to create new Computer objects in both the origin and target OUs, and they can delete existing objects in both as well. They're simply unable to move them from one to the other.

Not sure where to start with this one. Any help would be appreciated. Thanks.
Windows Server 2008Active Directory

Avatar of undefined
Last Comment
Seth Simmons

8/22/2022 - Mon