Re: delegating administrative access
From: richierich (rsr2564_at_hotmail.com)
Date: 02/28/05
- Next message: ptwilliams: "Re: unable to remove domain controller"
- Previous message: ptwilliams: "Re: Where can I find doc's on Forests"
- In reply to: ptwilliams: "Re: delegating administrative access"
- Next in thread: ptwilliams: "Re: delegating administrative access"
- Reply: ptwilliams: "Re: delegating administrative access"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 28 Feb 2005 14:41:01 -0500
No, your direction is not correct. The question is, what permissions are
needed to rename a computer object in AD? I too thought add/del would work,
but it stil gives an access denied when attempting to rename a computer
already in AD.
-thanks
"ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
news:DC5BBF86-CA90-46EE-BA2A-A10BF1E81CA2@microsoft.com...
> That's it. Although he'll also need read, but should have that by
> default.
>
> What isn't working if you've done this? What error are you getting?
>
> Start by checking that the DHCP Client Service is rset to automatically
> start
> and is running on the DC; that the DNS zone accepts dynamic updates; and
> that
> the DC is pointing to itself for DNS.
>
> Once you've done this, restart netlogon.
>
> After restarting netlogon, run netdiag /test:dns.
>
> Run the tests again.
>
> The missing SPNs is worrying; however, we have to make sure DNS is working
> correctly before we can further troubleshoot anything else...
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "richierich" wrote:
>
>> funny, I did that and it did not work. I thought that would be it too.
>> mmmmm. anything else to look at?
>>
>>
>> "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
>> news:0B7B022D-B104-44EC-A40B-8552CFE55971@microsoft.com...
>> > Load ADU&C (dsa.msc) and select Advanced Features from the View
>> > drop-down
>> > menu.
>> >
>> > Then right-click the container or OU that you wish to configure the
>> > delegation on and choose properties. In the properties tab, choose
>> > Security
>> > and then Advanced. In the Access Control Settings for <OU Name> choose
>> > add,
>> > add the user name, and then in the Permission Entry for <OU Name>
>> > select
>> > the
>> > following Allow permissions:
>> >
>> > Create Computer Objects
>> > Delete Computer Objects
>> >
>> >
>> > Hope this helps,
>> >
>> > --
>> >
>> > Paul Williams
>> >
>> > http://www.msresource.net/
>> > http://forums.msresource.net/
>> >
>> > "richierich" wrote:
>> >
>> >> I want to delegate admin tasks to a jr admin. I want him specifically
>> >> to
>> >> be
>> >> able to rename computer objects in my domsin. what settings do I need
>> >> to
>> >> check to allow this? I did the delegation wizard, but it is not that
>> >> granular in its use.
>> >>
>> >> -thanks
>> >>
>> >>
>> >>
>>
>>
>>
- Next message: ptwilliams: "Re: unable to remove domain controller"
- Previous message: ptwilliams: "Re: Where can I find doc's on Forests"
- In reply to: ptwilliams: "Re: delegating administrative access"
- Next in thread: ptwilliams: "Re: delegating administrative access"
- Reply: ptwilliams: "Re: delegating administrative access"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
