Solved

cannot move AD user object to a new OU,  access is denied

Posted on 2016-08-26
6
61 Views
Last Modified: 2016-08-26
Trying to move a user object from one OU to another OU.  I get an access denied alert when trying.  This is not an issue with other user objects.  How do i check the security settings of the user object, (User account)?  This has not been an issue in the past with other users.  This particular user has been with the company for 20+ years so,  the object is very old.

Im a domain admin,  checked the permissions of both OU's and Domain Admins are allowed full access.
0
Comment
Question by:dmenck
  • 3
  • 3
6 Comments
 
LVL 16

Expert Comment

by:FOX
Comment Utility
In Active Directory users and computer right-click the user click the object tab and check to see if there is a check mark in PREVENT FROM ACCIDENTAL DELETION.  If there is Uncheck it, move the user then check it back.  

**Your view in Active Directory users and computers should have advanced features turned on and show objects as containers**
0
 

Author Comment

by:dmenck
Comment Utility
"PREVENT FROM ACCIDENTAL DELETION"  is not checked.  sorry I looked at that earlier and should have added it to the original message.
0
 
LVL 16

Accepted Solution

by:
FOX earned 500 total points
Comment Utility
Right-click that user, select the security tab and make sure "Domain Admins" is in there.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:dmenck
Comment Utility
lol,  sometimes we overthink the obvious.  
That was it!  
Thanks for the assist.
Have a great day.
0
 
LVL 16

Expert Comment

by:FOX
Comment Utility
Good work
1
 

Author Closing Comment

by:dmenck
Comment Utility
Thanks for your help Foxluv!!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now