Hi @Martyn Poiney
It is missing the write permission to let the service account able to modify objects:
Please don't forget to mark helpful answer as accepted
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
After some advice - We've create a service account which has been granted rights to a Test OU folder. It has Read and Write permissions as well as just about every other permission box ticked.
The account can create and delete objects within the Test OU but when it comes to modifying an object (a description or address for example) its greyed out in ADUC. Powershell under the account state it doesn't have the permissions to modify.
Is there something I'm missing?
Hi @Martyn Poiney
It is missing the write permission to let the service account able to modify objects:
Please don't forget to mark helpful answer as accepted
Hello there,
Have you delegated any specfic permissions?
The fastest course of action would be to request for one of the domain admins to modify the security tab of the AD account and grant the appropriate permissions for others who need the ability to edit. You may also need to modify the security of the parent OU if the account is inheriting permissions from that OU.
Domain accounts utilize the NTFS security model much like a Windows file server. The difference is only with the kinds of permissions (i.e. ACE) that can be set on an account vs. a file/folder.
You could also manually delegate permission for the users to modify the OU.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–