AD permissions for Service account - it can create and delete within the right OU but can't edit anything?

Martyn Poiney 0 Reputation points
2023-01-31T10:00:40.84+00:00

After some advice - We've created a service account which has been granted rights to a Test OU folder. It has Read and Write permissions as well as just about every other permission box ticked.

The account can create and delete objects within the Test OU, but when it comes to modifying an object (a description or address, for example) it's greyed out in ADUC. PowerShell under the account states it doesn't have the permissions to modify.

Is there something I'm missing?

Active Directory

2 answers

  1. Thameur-BOURBITA 35,511 Reputation points
    2023-01-31T12:08:25.4433333+00:00

    Hi @Martyn Poiney

    It is missing the write permission that lets the service account modify objects:

    User's image

    Please don't forget to mark the helpful answer as accepted

  2. Limitless Technology 44,526 Reputation points
    2023-02-02T08:58:37.5333333+00:00

    Hello there,

    Have you delegated any specific permissions?

    The fastest course of action would be to request that one of the domain admins modify the security tab of the AD account and grant the appropriate permissions for others who need the ability to edit. You may also need to modify the security of the parent OU if the account is inheriting permissions from that OU.

    Domain accounts utilize the NTFS security model much like a Windows file server. The difference is only with the kinds of permissions (i.e. ACE) that can be set on an account vs. a file/folder.

    You could also manually delegate permission for the users to modify the OU.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
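
One way to check what both answers point at (a missing write ACE, or one that does not inherit from the OU to the objects in it), as an added example that is not part of the original thread. The OU distinguished name and account name are placeholders, and the script assumes the RSAT ActiveDirectory module; it only matches ACEs granted directly to the account, not ones it gets through group membership.

```powershell
# Added example: list the ACEs one account holds on an OU and flag whether
# any Allow ACE carries write-property rights that reach child objects.
Import-Module ActiveDirectory

$OuDn    = 'OU=Test,DC=example,DC=com'   # placeholder, not from the thread
$Account = 'EXAMPLE\svc-account'         # placeholder, not from the thread

function Get-DelegatedAce {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Identity
    )
    $write = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $none  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None

    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            # GenericWrite and GenericAll include the WriteProperty bit,
            # so one bitwise test covers all three.
            $hasWrite = ([int]$_.ActiveDirectoryRights -band $write) -ne 0
            [pscustomobject]@{
                Type          = $_.AccessControlType      # Allow or Deny
                Rights        = $_.ActiveDirectoryRights
                AppliesTo     = $_.InheritanceType        # None = this object only
                ObjectType    = $_.ObjectType             # all-zero GUID = every property/class
                InheritedType = $_.InheritedObjectType    # all-zero GUID = every child class
                IsInherited   = $_.IsInherited
                WritesChildren = $hasWrite -and
                                 $_.AccessControlType -eq 'Allow' -and
                                 $_.InheritanceType -ne $none
            }
        }
}

$aces = @(Get-DelegatedAce -DistinguishedName $OuDn -Identity $Account)
$aces | Format-Table -AutoSize

if (-not ($aces | Where-Object WritesChildren)) {
    Write-Warning "No direct Allow ACE for $Account grants WriteProperty on child objects of $OuDn."
}
if ($aces | Where-Object { $_.Type -eq 'Deny' }) {
    Write-Warning "Deny ACEs are present for $Account; review them before adding more Allow entries."
}
```

Run it as an account that can read the OU's security descriptor; an ACE whose `AppliesTo` is `None` covers only the OU itself, not the objects inside it.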
