Move Computers Object between two organizational units (OU) - What are the permissions required ?

Today I was playing a bit in my lab with PowerShell and AD Computer Objects.
I automate the daily cleanup of Inactive Computer Object and move them to a specific OU.
This script is running with his own service account, the privileges required are specified below.

Move Computer Object INSIDE an OU:
-Create Computer

Move Computer Object OUTSIDE an OU:
-Delete Computer
-Write All Properties

As an example, here I was using the "Delegation of Control Wizard" to allow the "Move out"

No comments:

Post a Comment