Link to home
Get AccessLog in
Avatar of fruitloopy
fruitloopy

asked on

Active Directory Users and Computers

I have created a group (IT_Admin) to allow them to have the same rights as a domain admin in AD without adding the users to the domain admin group but the permissions are not being inherited.

Using the AD delegate control process (or just adding the IT_Admin group to the security permissions) at the top level domain isnt pushing the permissions down.
I have checked and all the OUs beneath this have the "Include inheritable permissions from this objects parent" ticked.

On checking a child OUs permissions the new group is listed but none of the permission boxes are checked.

I cannot see a way to force the permissions through the child OUs and objects
Avatar of Ganesamoorthy S
Ganesamoorthy S

Check "this object and all child object" is selected on the advance OU security permission, then only the permission will apply to child objects
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Just make that IT_Admin member of Domain Admins group
Do not try to manipulate the permissions on the OU structure you may end up breaking something else
SOLUTION
Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access