Delegated Users cannot delete computer from Doamin in AD

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have delegated 3 users to create/delete computers in our domain.
Works fine for any new computers being added and they can delete any
computer originally added by them. However if there are existing
computers in AD that were created by Admins then it appears to the
delegated user that the computer is being deleted but they get an
Access Denied when trying to re-add it. When I look in AD I see that
it actually has not been deleted. I manually delete it and then they
can add it.

How can I fix this problem so they can delete any computer no matter
who originally added it to AD?

Thanks for any help.
Dawn
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

In AD I used the delgate control wizard on my domain and Join a
Computer to Domain was an option. I then edited the security
permissions to also allow delete computer objects.

Thanks
Dawn

ptwilliams wrote:
> How have you delegated the right to delete computer objects?
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> <dbouton@fuse.net> wrote in message
> news:1102950882.059815.42670@c13g2000cwb.googlegroups.com...
> I have delegated 3 users to create/delete computers in our domain.
> Works fine for any new computers being added and they can delete any
> computer originally added by them. However if there are existing
> computers in AD that were created by Admins then it appears to the
> delegated user that the computer is being deleted but they get an
> Access Denied when trying to re-add it. When I look in AD I see that
> it actually has not been deleted. I manually delete it and then they
> can add it.
>
> How can I fix this problem so they can delete any computer no matter
> who originally added it to AD?
>
> Thanks for any help.
> Dawn
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

How have you delegated the right to delete computer objects?

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


<dbouton@fuse.net> wrote in message
news:1102950882.059815.42670@c13g2000cwb.googlegroups.com...
I have delegated 3 users to create/delete computers in our domain.
Works fine for any new computers being added and they can delete any
computer originally added by them. However if there are existing
computers in AD that were created by Admins then it appears to the
delegated user that the computer is being deleted but they get an
Access Denied when trying to re-add it. When I look in AD I see that
it actually has not been deleted. I manually delete it and then they
can add it.

How can I fix this problem so they can delete any computer no matter
who originally added it to AD?

Thanks for any help.
Dawn