We have a multi-domain setup & are trying to use AD Delegate Control to manage Admin access around the organisation.
I have delegated control and set the appropriate privileges on several OUs. These privileges have propagated down to the child OUs. However a number of the user objects within the OUs have the Inherit Permissions from Parent unticked. Consequently it doesn’t inherit the privileges set on the OU in which it resides.
Is there a way, when setting Delegate Control, to force Inherit Permissions on child OUs?
NB: We didn't manually remove the Inherit - AD seems to like doing that all by itself, which rather diminishes the usefulness of Delegate Control :-(
One by one, the penguins steal my sanity. X-)
I have delegated control and set the appropriate privileges on several OUs. These privileges have propagated down to the child OUs. However a number of the user objects within the OUs have the Inherit Permissions from Parent unticked. Consequently it doesn’t inherit the privileges set on the OU in which it resides.
Is there a way, when setting Delegate Control, to force Inherit Permissions on child OUs?
NB: We didn't manually remove the Inherit - AD seems to like doing that all by itself, which rather diminishes the usefulness of Delegate Control :-(
One by one, the penguins steal my sanity. X-)