Options
Active Directory permissions
Here's my problem - I work for a large business, a division of a larger business, which is a part of a HUGE corporation. I've been trying to get permissions to move objects from one OU to another, because when we reimage a machine, it gets placed in the larger business automatically until it gets moved to the respective sub-business. I've been told I have the needed permissions, and I can add or delete items in the OU of the parent company, plus add, delete or move objects in my company's OU. But I can't move from the parent OU into the sub-business OU. (Our servers are maintained at the Corporate level).
Any ideas? They have deleted and re-added, in case the replication didn't work, but there's still no joy in Mudville.
TIA
Edit: Server 2003
Any ideas? They have deleted and re-added, in case the replication didn't work, but there's still no joy in Mudville.
TIA
Edit: Server 2003
Famous last words of a redneck - "Hey ya'll, watch this!"
Comments
-
Options
Tyrant1919
Member Posts: 519 ■■■□□□□□□□
Upgrade from hamsters to monkeys.... I dunno. Sounds like you should have it. Maybe somebody gave you permissions that don't know what they're doing. (Like me)A+/N+/S+/L+/Svr+
MCSA:03/08/12/16 MCSE:03s/EA08/Core Infra
CCNA -
Options
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
What error/message do you get?
Is there anything in the event log? -
Options
laneh
Member Posts: 61 ■■□□□□□□□□
The error is "Access is denied". I don't know what the error log says - I'll have to check that out. It's a B**** 'cuz it's controlled from Mexico. Oh, well, "onward through the fog".Famous last words of a redneck - "Hey ya'll, watch this!" -
Optionsfamosbrown
Member Posts: 637
The problem is that when the permissions were set at the parent OU, the child OU's did not inherit. I've seen these plenty of times when permissions are given using the DACL instead of the Delegate Control Wizard. have the responsible parties check the child OU's to ensure the permissions were inherited.B.S.B.A. (Management Information Systems)
M.B.A. (Technology Management) -
Options
blargoe
Member Posts: 4,174 ■■■■■■■■■□
Are you able to view the "effective permissions" for your account for the parent ou and the sub-business ou? You have to have use Advanced Settings from the View menu to see the Security tab, then right click on the ou, properties, security, advanced, effective permissions.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
OptionsSie
Member Posts: 1,195
famosbrown wrote:The problem is that when the permissions were set at the parent OU, the child OU's did not inherit. I've seen these plenty of times when permissions are given using the DACL instead of the Delegate Control Wizard. have the responsible parties check the child OU's to ensure the permissions were inherited.
My first thought would be this aswell, have seen it myself with non inheritance of permissions by child OU's.
Let us know what they find.Foolproof systems don't take into account the ingenuity of fools
