To administer user accounts, groups and computers in the Active Directory (globally or on a selected OUs), please refer to the following table for details:
Operation | Permissions Needed |
---|---|
User Management | |
Create Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory |
Modify Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory Note: It is also possible to grant the permissions to modify on specific attributes instead of the object as a whole |
Delete Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory |
Computer Management | |
Create Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Create selected objects in this folder’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Modify Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Create selected objects in this folder: with write permission’, or an equivalent permission in the relevant OU or container in Active Directory |
Delete Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Delete selected objects’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Group Management | |
Create Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Modify Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Delete Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Post your comment on this topic.