Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Active Directory
 Rights to move object between OU's		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

sixdoubleo
Old Timer

USA
739 Posts
Status: offline
Posted - 08/19/2008 :  2:12:34 PM  Show Profile  Click to see sixdoubleo's MSN Messenger address  Send sixdoubleo a Yahoo! Message  Reply with Quote
I'd like to grant somebody the ability to move objects (mainly users and computers) between a specific sub-set of OU's but have been unsuccessful in getting them this permission without giving them add/delete permission.

Anybody know the least privilege I can give somebody to grant this ability?

sixdoubleo
Old Timer

USA
739 Posts
Status: offline
Posted - 08/19/2008 :  2:19:09 PM  Show Profile  Click to see sixdoubleo's MSN Messenger address  Send sixdoubleo a Yahoo! Message  Reply with Quote
Well, it looks like you do need add and delete. http://blog.joeware.net/2005/07/17/48/

That blows.
Go to Top of Page

Mark Minasi
Chief cook and bottle washer

USA
9668 Posts
Status: offline
Posted - 08/20/2008 :  10:47:37 AM  Show Profile  Visit Mark Minasi's Homepage  Reply with Quote
You do... remember, there's really no such thing as "move" -- atomically, it's a copy and delete.
Mark
tweetin' at mminasi
Go to Top of Page

wkasdo
Administrator

Netherlands
6255 Posts
Status: offline
Posted - 08/20/2008 :  10:53:00 AM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
I see Dave's point, however. From the admin (functional) perspective, a move is different from add/delete. I know there have been some discussions within MSFT about this. But as Mark says, add/delete is the fundamental action. To add an atomic move operation with a new "move" permission would be pretty hard.
Go to Top of Page

sixdoubleo
Old Timer

USA
739 Posts
Status: offline
Posted - 08/20/2008 :  11:42:12 AM  Show Profile  Click to see sixdoubleo's MSN Messenger address  Send sixdoubleo a Yahoo! Message  Reply with Quote
Thanks for the comments guys. I'll just find a different way around this issue.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2009 Mark Minasi Go To Top Of Page
This page was generated in 0.12 seconds. Snitz Forums 2000