AD object permissions


  • AD object permissions

    OK, I am finding this difficult to understand. Say I have a user named boban; he is a member of the sales and marketing OU, which also makes him a group member of sales and marketing. He has been given delete child objects in the sales OU and create child objects in the marketing OU.

    My question is: can bob create objects in the sales OU and delete objects in the marketing OU? Do AD permissions use the same principle as NTFS vs share permissions?
    Beauty is in the eyes of the beholder

  • #2
    I think we need a few more details of your setup:

    Are the OUs nested?
    OU permissions are inherited down nested OUs so "create" in the parent implies "create" in child but "delete" in child does not imply "delete" in parent.

    OU membership does NOT make someone a group member -- that has to be done explicitly.

    Hope this helps a bit
    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      This is just something that I am trying to understand for the 70-215 exam; just wondering whether it works the same as NTFS permissions, whether the least or most restrictive permission applies to a user or contact object.


      • #4
        Ah, I see...
        AFAIK create and delete permissions are distinct -- one does not imply the other.

        I'll need to check up and confirm this.

        My previous points about nested OUs still stand

        Tom
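Added example, not part of the thread: a simplified Python model of the behaviour replies #2 and #4 describe (create and delete as separate rights, ACEs flowing down nested OUs but never up, group ACEs applying only with explicit membership). It assumes allow ACEs only and that every ACE applies to all descendants; the nested "Events" OU and the "Sales-Group" name are hypothetical.

```python
# Simplified model of allow-ACE inheritance on OUs (illustration only).
# Real AD also evaluates deny ACEs, object-type scoping and per-ACE
# inheritance flags; none of that is modelled here.
from dataclasses import dataclass, field

CREATE_CHILD = 0x1   # ADS_RIGHT_DS_CREATE_CHILD
DELETE_CHILD = 0x2   # ADS_RIGHT_DS_DELETE_CHILD

@dataclass
class OU:
    name: str
    parent: "OU | None" = None
    aces: list = field(default_factory=list)   # (trustee, mask) allow ACEs

    def grant(self, trustee, mask):
        self.aces.append((trustee, mask))

def effective_mask(ou, user, groups=()):
    """OR together the allow ACEs on this OU and all of its ancestors that
    name the user or a group the user was explicitly added to."""
    trustees = {user, *groups}
    mask, node = 0, ou
    while node is not None:            # ancestors' ACEs inherit downwards
        for trustee, rights in node.aces:
            if trustee in trustees:
                mask |= rights
        node = node.parent             # a child's ACEs are never consulted
    return mask

def can(ou, user, right, groups=()):
    return bool(effective_mask(ou, user, groups) & right)

# Constructed sample: the two sibling OUs from the question, plus a
# hypothetical nested OU "Events" under Marketing.
sales = OU("Sales")
marketing = OU("Marketing")
events = OU("Events", parent=marketing)
sales.grant("boban", DELETE_CHILD)
marketing.grant("boban", CREATE_CHILD)
events.grant("boban", DELETE_CHILD)
sales.grant("Sales-Group", CREATE_CHILD)   # hypothetical group ACE

if __name__ == "__main__":
    for ou in (sales, marketing, events):
        m = effective_mask(ou, "boban")
        print(f"{ou.name:10} create={bool(m & CREATE_CHILD)} "
              f"delete={bool(m & DELETE_CHILD)}")
```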