Implementing RBAC for AD - What permissions are required to delete an OU

I am setting up role-based permissions in AD. Everything is working with the exception of deleting an OU. I used the delegation wizard to grant permission to a security group for all account objects and organizational units (and child objects). I can create an OU, uncheck the "protect from accidental deletion", but I cannot delete an OU (requires DA). I am assuming this is an intentional security measure and not simply a missing permission that I can delegate. Is that correct?
