Re: delegating administrative access

From: ptwilliams (ptw2001_at_hotmail.com)
Date: 02/28/05


Date: Mon, 28 Feb 2005 21:08:50 -0000

The user also needs administrative permissions and rights on the source
computer.

So, the junior admin needs the create and delete computer object permission
on the OU that the computer is in, and needs to be a member of the local
administrators group on the PC that is being renamed.

-- 
Paul Williams
http://www.msresource.net
http://forums.msresource.net
"richierich" <rsr2564@hotmail.com> wrote in message 
news:OxClw1cHFHA.1392@TK2MSFTNGP10.phx.gbl...
No, your direction is not correct.  The question is, what permissions are
needed to rename a computer object in AD?  I too thought add/del would work,
but it still gives an access denied when attempting to rename a computer
already in AD.
-thanks
"ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
news:DC5BBF86-CA90-46EE-BA2A-A10BF1E81CA2@microsoft.com...
> That's it.  Although he'll also need read, but should have that by
> default.
>
> What isn't working if you've done this?  What error are you getting?
>
> Start by checking that the DHCP Client Service is set to automatically start
> and is running on the DC; that the DNS zone accepts dynamic updates; and that
> the DC is pointing to itself for DNS.
>
> Once you've done this, restart netlogon.
>
> After restarting netlogon, run netdiag /test:dns.
>
> Run the tests again.
>
> The missing SPNs is worrying; however, we have to make sure DNS is working
> correctly before we can further troubleshoot anything else...
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "richierich" wrote:
>
>> funny, I did that and it did not work.  I thought that would be it too.
>> mmmmm.   anything else to look at?
>>
>>
>> "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
>> news:0B7B022D-B104-44EC-A40B-8552CFE55971@microsoft.com...
>> > Load ADU&C (dsa.msc) and select Advanced Features from the View drop-down
>> > menu.
>> >
>> > Then right-click the container or OU that you wish to configure the
>> > delegation on and choose properties.  In the properties tab, choose Security
>> > and then Advanced.  In the Access Control Settings for <OU Name> choose add,
>> > add the user name, and then in the Permission Entry for <OU Name> select the
>> > following Allow permissions:
>> >
>> > Create Computer Objects
>> > Delete Computer Objects
>> >
>> >
>> > Hope this helps,
>> >
>> > --
>> >
>> > Paul Williams
>> >
>> > http://www.msresource.net/
>> > http://forums.msresource.net/
>> >
>> > "richierich" wrote:
>> >
>> >> I want to delegate admin tasks to a jr admin.  I want him specifically to be
>> >> able to rename computer objects in my domain.  What settings do I need to
>> >> check to allow this?  I did the delegation wizard, but it is not that
>> >> granular in its use.
>> >>
>> >> -thanks
>> >>
>> >>
>> >>
>>
>>
>>
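
To check what the ADU&C steps quoted in this thread actually leave on an OU, the DACL can be read back and filtered for Create/Delete Computer Objects entries. The following is an added example, not part of the original thread: the function name `Get-ComputerObjectDelegation`, the sample SDDL string and its SIDs are constructed for illustration, and the OU path in the comment is a placeholder.

```powershell
# Added example: list trustees that an OU's DACL allows to create or delete
# computer objects. Works on an SDDL string so it can be run without a DC.
# Against a live OU (assumes the ActiveDirectory module; the DN is a placeholder):
#   $sddl = (Get-Acl 'AD:\OU=Workstations,DC=example,DC=com').Sddl

$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class
$CreateChild   = 0x1   # ADS_RIGHT_DS_CREATE_CHILD ("Create ... Objects" in the GUI)
$DeleteChild   = 0x2   # ADS_RIGHT_DS_DELETE_CHILD ("Delete ... Objects" in the GUI)

function Get-ComputerObjectDelegation {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only Allow entries grant the permission; skip Deny and audit ACEs.
        if ($ace.AceQualifier -ne 'AccessAllowed') { continue }
        if (($ace.AccessMask -band ($CreateChild -bor $DeleteChild)) -eq 0) { continue }

        # A plain ACE covers every child class; an object ACE covers only the
        # class named in its ObjectAceType, so keep it only if that is "computer".
        $scope = 'all child classes'
        if ($ace -is [System.Security.AccessControl.ObjectAce] -and
            $ace.ObjectAceFlags.HasFlag([System.Security.AccessControl.ObjectAceFlags]::ObjectAceTypePresent)) {
            if ($ace.ObjectAceType -ne $ComputerClass) { continue }
            $scope = 'computer objects only'
        }

        [pscustomobject]@{
            Trustee   = $ace.SecurityIdentifier.Value
            Create    = [bool]($ace.AccessMask -band $CreateChild)
            Delete    = [bool]($ace.AccessMask -band $DeleteChild)
            Scope     = $scope
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed sample DACL: a delegated user (RID 1105) with create+delete on
# computer objects, SYSTEM with generic all, a second user (RID 1106) with
# create on *user* objects (filtered out), and BUILTIN\Administrators with
# unscoped create/delete.
$sample = 'D:' +
    '(OA;CI;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
    '(A;;GA;;;SY)' +
    '(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;S-1-5-21-1111111111-2222222222-3333333333-1106)' +
    '(A;;CCDCLCRPWP;;;BA)'

Get-ComputerObjectDelegation -Sddl $sample | Format-Table -AutoSize
```

Unscoped entries are worth reviewing alongside the computer-only ones, since they let the trustee create or delete any object class in the OU rather than just computers.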

