Permissions neccessary to move user objects between OUs

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Can anyone tell me what permissions are necessary in order to move a user
object between OUs in active directory? I'm specifically wondering if the
create and delete user objects right is required but I'd appreciate it if
anyone can either enumerate the rights or point me somewhere to find them.
Thanks in any case.

---
Jason Edelen
jedele@lsuhsc.edu

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In a nutshell, if you want to move items in the DS from one container to
another, you need three permissions:
1) DELETE on the object being moved or DELETE_CHILD on the source container
2) WRITE_PROP on the object being moved for RDN and CN.
3) CREATE_CHILD on the target container

I'd swear Dmitri posted on this very topic once before....ah yes, here it
is.
http://groups.google.com/groups?q=dmitrig+delete+move+OU&hl=en&lr=&ie=UTF-8&selm=%23cfpGBo3CHA.2576%40TK2MSFTNGP11.phx.gbl&rnum=1

Ah he noted something I forgot.....be sure to note his #2 with the example
for OU.



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Jason Edelen wrote:
> Can anyone tell me what permissions are necessary in order to move a user
> object between OUs in active directory? I'm specifically wondering if the
> create and delete user objects right is required but I'd appreciate it if
> anyone can either enumerate the rights or point me somewhere to find them.
> Thanks in any case.
>
> ---
> Jason Edelen
> jedele@lsuhsc.edu
>
>