Hello,
In my university, I had succesfully
delegated to each admins responsible of their OU the following
tasks:
-> Creste.delete groups.
-> Create/delete computers
-> Create/delete OUs..
-> Only Modify Users properties:
Admins have no right to create/delete users because this task is done
by our MIIS 2003.
BUT, i noiticed that in some OUs, users are
still created manually, and after searching, it was due to the fact that admins
have the rights to create child OUs, they become automatically the owner of
their OU so they can easily modify the ACLs to have full control
.. :(
So my question : is there a way to
grant them create/delete OU without having them to be the owner of
their OU ?
I did not find a set of properties in
dssec.dat concerning my needs.
Thanks for input.
Cheers,
Yann
