To administer user accounts, groups and computers in the Active Directory (globally or on a selected OUs), please refer to the following table for details:
| Operation | Permissions Needed |
|---|---|
| User Management | |
| Create Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory |
| Modify Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory Note: It is also possible to grant the permissions to modify on specific attributes instead of the object as a whole |
| Delete Users | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have permissions to create, delete, and manage user accounts or equivalent permissions in the relevant OU or container in Active Directory |
| Computer Management | |
| Create Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Create selected objects in this folder’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
| Modify Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Create selected objects in this folder: with write permission’, or an equivalent permission in the relevant OU or container in Active Directory |
| Delete Computers | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Computer Objects – Delete selected objects’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
| Group Management | |
| Create Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
| Modify Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
| Delete Groups | • Must be a member of the built-in Administrators group or Account Operators group, or, • Must have the ‘Create, manage and delete user groups’ permission, or an equivalent permission in the relevant OU or container in Active Directory |
Feedback
Copyright © 2024 Nuvens
—
Powered by 
Post your comment on this topic.