In order to move an object in DS, you need the following three permissions:
1) DELETE_CHILD on the source container or DELETE on the object being moved 2) WRITE_PROP on the object being moved for two properties: RDN (name) and CN (or whatever happens to be the rdn attribute for this class, i.e. ou for org units). 3) CREATE_CHILD on the destination container. Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address> ________________________________ From: [EMAIL PROTECTED] on behalf of Kennedy, Jim Sent: Wed 2006-08-30 21:16 To: [email protected] Subject: [ActiveDir] Moving user accounts. I am I correct that to delegate moving user accounts from OU to OU I will have to allow them the ability to delete accounts. It appears accounts work similar to documents, a move is really a copy then delete. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
