Security Basics mailing list archives
Re: Restrict the Domain Admin
From: Raoul Armfield <armfield () amnh org>
Date: Mon, 03 Oct 2005 12:08:09 -0400
Tried to implement this also, and found that if I do not give a user the right to DELETE a user profile, he will NOT be able to MOVE a user from one OU to another OU... has anyone encountered this OR better is there a solution for this...
We get around this by only allowing HR to move people from one ou to another. Our OU's are based on Org Structure and so everyone is in an Users OU underneath their Dept. We use MIIS to get a feed from HR and it then provisions/deprovisions/transfers people as need be. This way no one needs to move any users in to different OUs.
-- Raoul
Current thread:
- RE: RE: Restrict the Domain Admin Craig Wright (Oct 03)
- <Possible follow-ups>
- Re: Restrict the Domain Admin Raoul Armfield (Oct 03)