7-6: Moving Users and Other Objects

Solution overview

Type of solution	Guidance
Features and tools	Active Directory ACLs, proxying
Solution summary	Delegating the ability to move users or computers between OUs also delegates the ability to delete one or more such objects, accidentally or intentionally. You should design your delegation to restrict the ability to delete objects.
Benefits	Decreased risk of denial of service; decreased potential for deleted object recovery requirements.

Introduction

The ability to move users or other objects between OUs in Active Directory is commonly required by administrators to support the movement of employees and computers around an organization. Unfortunately, it is somewhat dangerous to allow administrators to move ...

Get Windows Administration Resource Kit: Productivity Solutions for IT Professionals now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Administration Resource Kit: Productivity Solutions for IT Professionals by Dan Holme

7-6: Moving Users and Other Objects

Solution overview

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly