OU delegation problem

[Tom Mariani]

Hello:
I am trying to delegate the ability for Non-Domain
Admins to be able to move computers from one OU to
another. I am using the Delegation wizard, but Non DA user
still cannot move object, I recieved permission denied
message. What am I missing?? Thanks in advance.

Tom Mariani

[John Callaway]

The user needs to have permissions to delete the object
from the OU it is being moved from, (read permission is
not sufficient). I have seen this cause problems in the
past.

>.
>

[Jimmy Andersson]

Have you delegated the necessary permissions on both the target and the
source OU?
Enable Advanced View in the MMC, then you'll see the permissons tab if you
open properties on the OU. Make sure that sufficient rights have been set on
both target and source OU.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

"Tom Mariani" <TMar...@dhs.ca.gov> wrote in message
news:045d01c2ddb6$a3d86750$3301...@phx.gbl...

[Dmitri Gavrilov [MSFT]]

In order to move an object in DS, you need the following three permissions:

1) DELETE_CHILD on the source container or DELETE on the object being moved
2) WRITE_PROP on the object being moved for two properties: RDN (name) and
CN (or whatever happens to be the rdn attribute for this class, i.e. ou for
org units).
3) CREATE_CHILD on the destination container.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Tom Mariani" <TMar...@dhs.ca.gov> wrote in message
news:045d01c2ddb6$a3d86750$3301...@phx.gbl...