Apply permission from OU level to all child objects in AD

Tags: active-directory, permissions, windows-server-2008-r2

We have a Windows 2008 R2 server which runs Active Directory. I have written a C# application that will allow the IT staff to add new users to AD from it. I have no problems creating or updating users, but when it comes time to add them to different security groups I am running into permission problems. After working with IT we found that I need to have Read, Write, Create Child Objects, and Delete Child Objects. This is now working fine when we specify these permissions directly on the security group, but if we apply these same permissions at the OU level then I am unable to modify the members of individual groups. Can anyone help us figure out what permissions need to be granted at the OU level so that I can add/remove members from any group in that OU?

Best Answer

An Access Control Entry is needed to grant the specified security principal permission on Descendant Group Objects to update the member attribute.

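The ACE the answer describes can be created from PowerShell instead of clicking through the Delegation of Control wizard or the Advanced Security dialog. The following is an added example, not code from the question or the answer; it assumes the RSAT ActiveDirectory module is installed, and the OU distinguished name and the principal name are placeholders to replace with your own values. It scopes the grant to the `member` attribute of descendant group objects only, which is narrower than the Create/Delete Child Objects rights mentioned in the question, so the provisioning account cannot create, delete or otherwise modify the groups.

```powershell
# Added example (not from the original post): delegate Read/Write on the
# 'member' attribute of every group beneath an OU to a service principal.
# Placeholders: $ouDN and $principal must be adjusted for your environment.
Import-Module ActiveDirectory

$ouDN      = 'OU=Groups,DC=example,DC=com'   # placeholder OU
$principal = 'EXAMPLE\svc-userprov'          # placeholder account or group

# Look up schema GUIDs from the forest schema rather than hard-coding them.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$ldapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    return [guid]$obj.schemaIDGUID
}
$memberAttrGuid = Get-SchemaGuid 'member'   # the attribute being granted
$groupClassGuid = Get-SchemaGuid 'group'    # object class the ACE applies to

# Resolve the principal to a SID for the access rule.
$sid = (New-Object System.Security.Principal.NTAccount($principal)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# ACE: ReadProperty + WriteProperty on 'member', inherited by descendant
# group objects only (not applied to the OU itself or to other classes).
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty',
    [System.Security.AccessControl.AccessControlType]::Allow,
    $memberAttrGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $groupClassGuid)

# Apply the ACE to the OU through the AD: drive provided by the module.
$acl = Get-Acl -Path "AD:\$ouDN"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# Verify: show the resulting entry for the principal on that OU.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference -eq $principal -and $_.ObjectType -eq $memberAttrGuid } |
    Format-List IdentityReference, ActiveDirectoryRights, AccessControlType,
                InheritanceType, ObjectType, InheritedObjectType
```

After running this, a group under the OU should list the principal under its own Security tab with "Write Members" (inherited), and the C# application, running as that principal, can add and remove members without any rights on the OU object itself. The equivalent one-liner with the built-in `dsacls` tool is `dsacls "OU=Groups,DC=example,DC=com" /I:S /G "EXAMPLE\svc-userprov:RPWP;member;group"`, where `/I:S` applies the entry to sub-objects only and `RPWP` is read/write property.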