Thursday, May 28, 2015

Granular permissions to move Computer Objects out of Computers Container in Active Directory

To configure granular permissions for moving computer objects out of the Computers container in Active Directory, follow these steps:
  1. Open ADSI Edit and connect to the "Default naming context".
  2. Navigate to the Computers container and open Security/Advanced.
  3. Grant the desired group the "Allow" permission for "Write all properties" applied to "Descendant Computer objects". This is in addition to the obvious permissions: "Delete Computer Objects" for "This object only", and "List contents", "List object" and "Read all properties" for "This object only".
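
The three permission entries from step 3 expressed in PowerShell, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module is installed and uses a hypothetical group named `Computer-Movers`; the GUID of the computer class is read from the schema rather than hard-coded.

```powershell
Import-Module ActiveDirectory

$groupName = 'Computer-Movers'                  # hypothetical delegated group
$group     = Get-ADGroup -Identity $groupName
$path      = "AD:\$((Get-ADDomain).ComputersContainer)"

# Read the schemaIDGUID of the "computer" class from the schema partition.
$schemaNC     = (Get-ADRootDSE).schemaNamingContext
$classObj     = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=computer)' -Properties schemaIDGUID
$computerGuid = [guid]$classObj.schemaIDGUID

$allow = [System.Security.AccessControl.AccessControlType]::Allow
$none  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None
$desc  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

$delete = [System.DirectoryServices.ActiveDirectoryRights]'DeleteChild'
$read   = [System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ListObject, ReadProperty'
$write  = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty'

$rules = @(
    # "Delete Computer objects", This object only
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($group.SID, $delete, $allow, $computerGuid, $none)
    # "List contents", "List object", "Read all properties", This object only
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($group.SID, $read, $allow, $none)
    # "Write all properties", Descendant Computer objects
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule($group.SID, $write, $allow, $desc, $computerGuid)
)

# Add the ACEs to the container's DACL and write it back.
$acl = Get-Acl -Path $path
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $path -AclObject $acl

# Review: list the explicit (non-inherited) ACEs now held by the group.
(Get-Acl -Path $path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $group.SID.Value } |
    Select-Object ActiveDirectoryRights, InheritanceType, ObjectType, InheritedObjectType
```

The script covers only the Computers container, as the steps above do; rights on the destination OU are configured separately. Keep the output of the final command with the change record so the delegation can be audited later.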