http://social.technet.microsoft.com/wiki/contents/articles/20747.delegate-moving-user-group-and-computer-accounts-between-organizational-units-in-active-directory.aspx
| Object | Organizational Unit | Permission Tab | Apply to | Permission |
| User | Source Organizational Unit | Object | This object and all descendant objects | Delete User objects |
| Properties | Descendant User objects | Write Distinguished Name |
| Properties | Descendant User objects | Write name |
| Properties | Descendant User objects | Write Name |
| Destination Organizational Unit | Object | This object and all descendant objects | Create User objects |
| Group | Source Organizational Unit | Object | This object and all descendant objects | Delete Group objects |
| Properties | Descendant Group objects | Write Distinguished Name |
| Properties | Descendant Group objects | Write name |
| Properties | Descendant Group objects | Write Name |
| Destination Organizational Unit | Object | This object and all descendant objects | Create Group objects |
| Computer | Source Organizational Unit | Object | This object and all descendant objects | Delete Computer objects |
| Properties | Descendant Computer objects | Write Distinguished Name |
| Properties | Descendant Computer objects | Write name |
| Properties | Descendant Computer objects | Write Name |
| Destination Organizational Unit | Object | This object and all descendant objects | Create Computer objects |
沒有留言:
張貼留言