Permissions neccessary to move user objects between OUs

Discussion in 'Active Directory' started by Jason Edelen, Jun 27, 2005.

  1. Jason Edelen

    Jason Edelen Guest

    Can anyone tell me what permissions are necessary in order to move a user
    object between OUs in active directory? I'm specifically wondering if the
    create and delete user objects right is required but I'd appreciate it if
    anyone can either enumerate the rights or point me somewhere to find them.
    Thanks in any case.
    Jason Edelen, Jun 27, 2005
    1. Advertisements

  2. Jason Edelen

    Gautam Anand Guest

    Just FYI,
    You could really just start with minimum perms on the OU for the reqd users
    and then work your way up. Microsoft recommends first starting with
    minimilistic perms and then adding any additional perms are reqd.
    Gautam Anand, Jun 27, 2005
    1. Advertisements

  3. In a nutshell, if you want to move items in the DS from one container to
    another, you need three permissions:
    1) DELETE on the object being moved or DELETE_CHILD on the source container
    2) WRITE_PROP on the object being moved for RDN and CN.
    3) CREATE_CHILD on the target container

    I'd swear Dmitri posted on this very topic once before....ah yes, here it

    Ah he noted something I sure to note his #2 with the example
    for OU.
    Joe Richards [MVP], Jun 27, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.