Re: Computer Objects
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 02/13/05
- Next message: Joe Richards [MVP]: "Re: computers update object property of in AD"
- Previous message: Joe Richards [MVP]: "Re: Authenticating Unix/Linux with 2k3 AD"
- In reply to: Mark Clark: "Computer Objects"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 12 Feb 2005 19:18:00 -0500
In a nutshell, if you want to move items in the DS from one container to
another, you need three permissions:
1) DELETE on the object being moved or DELETE_CHILD on the source container
2) WRITE_PROP on the object being moved for RDN and CN.
3) CREATE_CHILD on the target container
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Mark Clark wrote: > Hello > I am trying to find the correct permission to delegate the authority to MOVE > computer objects within ADUC. It is obvious that the permission to create and > delete computer objects is available per OU, but I would also like delegate > the authority to move computer objects within AD without giving too many > rights. > > Additionally, is it possible to change the default location for created > computer accounts within AD? Can this change be made within AD? > > Thank you very much for your assistance, > > Mark Clark
- Next message: Joe Richards [MVP]: "Re: computers update object property of in AD"
- Previous message: Joe Richards [MVP]: "Re: Authenticating Unix/Linux with 2k3 AD"
- In reply to: Mark Clark: "Computer Objects"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
