Active directory Object Move

Hi All,

I have a requirement that I want to give the delegation to some of my team
members to move the user accounts between OU's but for security reasons I
does not want to give them delete permission on the Source OU. They will have
create rights on the destination OU but no delete rights on the Source OU.

Kindly help me if move can be done without the delete permissions.

Thanks and Regards,

Sukhwinder Singh

Howdie!

Sukhwinder Singh wrote:
> I have a requirement that I want to give the delegation to some of my team
> members to move the user accounts between OU's but for security reasons I
> does not want to give them delete permission on the Source OU. They will have
> create rights on the destination OU but no delete rights on the Source OU.
>
> Kindly help me if move can be done without the delete permissions.

It can't be done like this, if I remember correctly. The users in
question need write permission to the destination OU and delete
permission on the source OU as the move is actually a deletion on the
source and re-creation on the destination OU.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

to move objects between OUs you need create permissions in the target OU and
delete in the source OU. Therefore what you want is not possible. The only
way I can think of is to use proxy tooling

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Sukhwinder Singh" <SukhwinderSingh@discussions.microsoft.com> wrote in
message news:FD35801B-1E22-45B9-A348-312AAA27123D@microsoft.com...
> Hi All,
>
> I have a requirement that I want to give the delegation to some of my team
> members to move the user accounts between OU's but for security reasons I
> does not want to give them delete permission on the Source OU. They will
> have
> create rights on the destination OU but no delete rights on the Source OU.
>
> Kindly help me if move can be done without the delete permissions.
>
> Thanks and Regards,
>
> Sukhwinder Singh

Hello Sukhwinder,

No, should not work because an account can only exist once in the enterprise.
So it must be deleted in the source OU and therefore you need the delete
permission.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi All,
>
> I have a requirement that I want to give the delegation to some of my
> team members to move the user accounts between OU's but for security
> reasons I does not want to give them delete permission on the Source
> OU. They will have create rights on the destination OU but no delete
> rights on the Source OU.
>
> Kindly help me if move can be done without the delete permissions.
>
> Thanks and Regards,
>
> Sukhwinder Singh
>