Re: [ActiveDir] Rights for Authorizing DHCP Server

[Paul Williams]

You don't even need full control (an error in Microsoft's documentation if you ask me).  You just need create and delete dHCPClass objects in that container.   You need to do this via ADSIEDIT, DSACLS, LDP or code.     Note.  If I remember correctly, some of the behaviour changed between 2k and k3 here.  One (I think it's 2k) requires modify on the default dHCPClass object in that container (all from memory so I might be a little off base) as it uses a multi-valued attribute instead of new objects per authorised server.     --Paul   ----- Original Message ----- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Tuesday, July 11, 2006 8:38 AM Subject: RE: [ActiveDir] Rights for Authorizing DHCP Server You will need EA rights. The admin needs write access in the Config partition so child domain DA rights will *not* suffice.   It is also possible to delegate the right - grant FC access in: CN=NetServices,CN=Services,CN=Configuration,DC=xxx,DC=yyy using adsiedit or similar.   hth, neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS) Sent: 10 July 2006 19:20 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Rights for Authorizing DHCP Server I seem to be finding conflicting posts and articles on this subject. Are Enterprise Admin rights required to authorize a DHCP server in a child domain? Can a Domain Admin authorize a DHCP server in his own child domain?   Thanks all!     Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573   ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.