Hi @jihad majed
There is no undelete permission but you can select delete permission and choose deny.
In target OU , go to security Tab then click on advanced to be able to add or edit custom permission:
Please don't forget to accept helpful answer
active directory -grant permission to undelete user only move and create
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 36%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
jihad majed
520
Reputation points
I try to give user permission in an active directory to create users and move between them, but do not delete them. When I delegate control to some group, I do not have the option to undelete users.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Answer accepted by question author
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Thameur-BOURBITA 36,506 Reputation points Moderator2024-03-27T11:30:26.76+00:00
-
jihad majed 520 Reputation points
2024-03-27T12:37:10.1533333+00:00 i checked the same but still can remove any user
-
Thameur-BOURBITA 36,506 Reputation points Moderator
2024-03-27T14:34:54.3533333+00:00 Try to check if there is another delete permission already configured that can overwrite the deny.
Please don't forget to accept helpful answer
-
jihad majed 520 Reputation points
2024-03-28T08:21:11.1633333+00:00 If you see here, all the delete options are off, but where can I find them if I overwrite as you tell me?
-
Thameur-BOURBITA 36,506 Reputation points Moderator
2024-03-28T15:31:58.7366667+00:00 Should be ok
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marcin Policht 77,665 Reputation points MVP Volunteer Moderator2024-03-27T11:13:56.4633333+00:00 Use Delegation of Control Wizard. This can be VERY granular. More at https://learn.microsoft.com/en-us/answers/questions/973272/delegate-help-desk-users-permission-to-move-users
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin