Security Basics mailing list archives

Re: Restrict the Domain Admin


From: Raoul Armfield <armfield () amnh org>
Date: Mon, 03 Oct 2005 12:08:09 -0400



Tried to implement this also, and found that if I do not give a user the right to DELETE a user profile, he will NOT be able to MOVE a user from one OU to another OU... has anyone encountered this OR better is there a solution for this...


We get around this by only allowing HR to move people from one OU to another. Our OUs are based on Org Structure and so everyone is in a Users OU underneath their Dept. We use MIIS to get a feed from HR and it then provisions/deprovisions/transfers people as need be. This way no one needs to move any users into different OUs.

--
Raoul

