Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Delegation rights for Moving Computers between OU's

Status
Not open for further replies.
goosed

goosed

MIS
Jan 5, 2007
44
US
Hey all, I'm having some issues with my helpdesk guys not being able to move computers between OU's. Here is how I have my permissions configured:


Computers Container
Full Control: Computer Objects
Create/Delete Computer Objects: This object and all child
Write All Properties: This object and all child

Sites OU
Full Control: User Objects
Full Control: Computer Objects
Create/Delete User Objects: This object and all child
Create/Delete Computer Objects: This object and all child
Write All Properties: This object and all child


However when attempting to move a computer from the ComputersContainer to the Sites OU (or vice versa) an Access Denied message is displayed. Can anyone let me know what I may be doing wrong? Thanks.
 
Sort by date Sort by votes
Here are the permissions required:

Source OU:
Write All Properties
Delete Computer Objects

Destination OU:
Create Computer Objects


_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
Upvote 0 Downvote
So does this mean that if a user moves a computer to one OU, he cannot move it back?

I have an OU setup with no GPO's assigned to it so that my Helpdesk staff can work on them without having to worry about restrictions of policies. I'd like to have them move the computer to that OU, and once finished move it to it's final OU.
 
Upvote 0 Downvote
Then for that particular OU I would set the permissions the same as the Source OU above

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
Upvote 0 Downvote
I have those permissions setup on both the source and destination OU. But when I try to move I get an error.
 
Upvote 0 Downvote
You know I figured it out, but I'm almost too embarrased to say the solution...

Well here goes, please hold your laughter :)

I created a taskpad for the user, and I'm using a test account mirrored to his to test. Since he'll be using the taskpad, I also tested using it. I created a "Move" task, which kept giving me an Access Denied error. For the hell of it (and why I didn't try sooner) I gave it the ol' right-click > Move. Wa-la, it works! So what did I do wrong??

While configuring the taskpad, I chose the command from "Node in the tree" instead of from "Item listed in the results pane". What this meant was that whenever I clicked "Move" it tried to move the whole OU. So after I banged my head a few times, I fixed it and it's working fine.

So frustrating.. but in the end glad I got it working. Thanks for the help all.
 
Upvote 0 Downvote
Awesome, thanks for the solution!

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
261
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
434
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
233
mangentle
mangentle
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
123
StevenFromSouth
StevenFromSouth
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
247
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top