We help IT Professionals succeed at work.

Active Directory Users and Computers

107 Views
Last Modified: 2016-01-18
I have created a group (IT_Admin) to allow them to have the same rights as a domain admin in AD without adding the users to the domain admin group but the permissions are not being inherited.

Using the AD delegate control process (or just adding the IT_Admin group to the security permissions) at the top level domain isnt pushing the permissions down.
I have checked and all the OUs beneath this have the "Include inheritable permissions from this objects parent" ticked.

On checking a child OUs permissions the new group is listed but none of the permission boxes are checked.

I cannot see a way to force the permissions through the child OUs and objects
Comment
Watch Question

Ganesamoorthy STech Lead

Commented:
Check "this object and all child object" is selected on the advance OU security permission, then only the permission will apply to child objects
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Top Expert 2012

Commented:
Just make that IT_Admin member of Domain Admins group
Do not try to manipulate the permissions on the OU structure you may end up breaking something else
LearnctxEngineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.