Announcement

Collapse
No announcement yet.

Restrict OU creation to Domain Admins

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict OU creation to Domain Admins

    Hi, my boss wants to restrict the ability to create OUs to only domain admins. Currently, there are permissions set on several different OUs to allow OU creation to different groups and users. There are too many to count. I thought of denying the right to domain users, but that includes our admin accounts. Any suggestions?

    Thanks!

  • #2
    Re: Restrict OU creation to Domain Admins

    Hi,

    Why don't you remove the 'grant access to create/modify/delete' to mentionned groups/users for the specific OUs ?

    As we don't know the actual state on how you delegated rights on OUs, it would be hard to propose a clear solution.

    You should certainly rework your delegation model...and start to list who needs rights on which objects ...


    Deny access is a pain to manage, I won't suggest you to use it; and especially for debugging when things go wrong.

    LL

    Comment

    Working...
    X