Wednesday, April 20, 2016

Permissions to edit group membership only

So you have an Active Directory OU and you want to control who can create groups therein and modify the membership of those groups. Here is the DACL information you need:

(Advanced Security)

Action                        Applies to
Create/delete Group objects   This object and all descendant objects
Full Control                  Descendant Group objects

Cheers!

No comments:

Post a Comment