AD Delegation not applying

Scott Giesbrecht 1 Reputation point
2020-07-28T22:07:36.397+00:00

I have 2 sub OUs and I have delegated permissions to both OUs the same way. I went through ADUC and went through the delegation wizard. I gave a group create/delete permissions as well as write for computer objects. The goal here was to give my Help Desk staff the ability to move machines between these 2 OUs. On one of the OUs they can move computers in and out. On the other one they get an access denied error. This is where it gets strange. If I make a sub OU in the OU that is currently not working, everything works in the sub OUs. I used PowerShell to get the ACL on the OUs and I found that the following is missing on the OU that is not working:

ActiveDirectoryRights : WriteProperty
InheritanceType : Descendents
ObjectType : bf96791e-0de6-11d0-a285-00aa003049e2
InheritedObjectType : bf967a86-0de6-11d0-a285-00aa003049e2
ObjectFlags : ObjectAceTypePresent, InheritedObjectAceTypePresent
AccessControlType : Allow
IdentityReference : Domain\Group
IsInherited : False
InheritanceFlags : ContainerInherit
PropagationFlags : InheritOnly

Since I went through the wizard on both OUs and selected the exact same settings, I am not sure why this is missing on this one OU only. Here is a bit of a diagram to help explain my situation:

* Main OU
  * Sub OU 1 - Delegated permissions here - Cannot manage computer objects here
    * TestSubOU - We can manage computer objects here
  * Sub OU2 - Delegated permissions here - Can manage computer objects here

The ACL entry posted above is what is missing from the OU that our help desk cannot manage. I am wondering if there is something corrupt on the OU that is not working.

Thanks,
Scott

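As an added example (not part of Scott's post or the answer below), the PowerShell check below lists the explicit, non-inherited ACEs that a delegated group holds on a working OU and a broken OU and reports the entries present on one but missing from the other, so a wizard run that silently produced a different ACL shows up as a concrete diff. The function names, the OU distinguished names and the group name DOMAIN\HelpDesk are placeholders; the ActiveDirectory module must be installed for the AD: drive.

```powershell
# Added example, not from the original post: diff a group's explicit ACEs on two OUs.
Import-Module ActiveDirectory   # provides the AD: PSDrive used by Get-Acl

# Well-known schemaIDGUID of the computer class; it is the InheritedObjectType
# in the ACE quoted in the question.
$ComputerClassGuid = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function Get-ExplicitDelegationAce {
    param(
        [Parameter(Mandatory)][string]$OuDn,      # e.g. 'OU=Sub OU 1,OU=Main OU,DC=example,DC=com'
        [Parameter(Mandatory)][string]$Identity   # e.g. 'DOMAIN\HelpDesk' (placeholder)
    )
    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            # A stable key so identical ACEs on the two OUs compare equal
            [pscustomobject]@{
                Key = '{0}|{1}|{2}|{3}|{4}|{5}' -f $_.ActiveDirectoryRights, $_.AccessControlType,
                      $_.InheritanceType, $_.ObjectType, $_.InheritedObjectType, $_.PropagationFlags
                Ace = $_
            }
        }
}

function Compare-OuDelegation {
    param(
        [Parameter(Mandatory)][string]$WorkingOuDn,
        [Parameter(Mandatory)][string]$BrokenOuDn,
        [Parameter(Mandatory)][string]$Identity
    )
    $good = @(Get-ExplicitDelegationAce -OuDn $WorkingOuDn -Identity $Identity)
    $bad  = @(Get-ExplicitDelegationAce -OuDn $BrokenOuDn  -Identity $Identity)
    $badKeys = @($bad | ForEach-Object Key)

    # ACEs the working OU has that the broken OU lacks; flag those scoped to computer objects
    $good | Where-Object { $badKeys -notcontains $_.Key } | ForEach-Object Ace |
        Select-Object ActiveDirectoryRights, InheritanceType, ObjectType, InheritedObjectType,
                      PropagationFlags,
                      @{ n = 'AppliesToComputerClass'; e = { $_.InheritedObjectType -eq $ComputerClassGuid } }
}

# Usage with placeholder DNs and group; replace with your own values
Compare-OuDelegation -WorkingOuDn 'OU=Sub OU2,OU=Main OU,DC=example,DC=com' `
                     -BrokenOuDn  'OU=Sub OU 1,OU=Main OU,DC=example,DC=com' `
                     -Identity    'DOMAIN\HelpDesk'
```

Any row the function returns is an ACE the wizard wrote on one OU but not the other; an empty result means the explicit ACEs match and the difference lies elsewhere (for example in inherited entries or a Deny ACE).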

1 answer

Fan Fan 15,326 Reputation points Microsoft Vendor
2020-07-29T01:49:18.037+00:00

Hi,
Based on my understanding, even if you assign the same permission to both of the sub OUs through the delegation wizard, it will be different when you use PowerShell to get the ACL on the OUs, right?
Did you check the Security tab in the OU's properties, as follows:
[screenshot: 14181-7294.jpg]
Can you find the permission WriteProperty on the above page and assign the permission directly?
If there are any updates, you are welcome to share them.
Best Regards,