So you have an Active Directory OU and you want to control who can create groups therein and modify the membership of those groups. Here is the DACL information you need:
(Advanced Security)
Action Applies to
Create/delete Group objects This object and all descendant objects
Full Control Descendant Group objects
Cheers!
No comments:
Post a Comment