I am facing a strange issue with delegation of rights. We have a requirement to delegate permission to a user account on an OU to create computer accounts. This has been provided, but the issue is that if the user creates a computer account, he is able to delete it as well. He is not able to delete the other computer accounts in that OU. When I check the Effective Permissions of that user on the computer account he created, I can see that he has deletion rights. I have thoroughly checked the permissions on the parent OUs, but there is no such right for that user.
I have tested with different user accounts on different OUs, but the result is the same. I have also tried delegating the creation of user accounts, but in that case the user accounts are not getting deleted with the delegated account.
The issue is happening only with computer accounts. I have also checked the group membership of the user to make sure he is not getting access through some group membership. Also, there is no Creator Owner access on the OU.
When I check the owner of the account created by the delegated ID, I find that he is the owner.