Ask the Expert

Applying permissions to an Active Directory OU

We are trying to apply the permission "allow add/remove self" to a number of groups that reside in an organizational unit (OU). When I view the permissions of one of the groups, the permission "add/remove self" is visible. Also, I can apply this permission to all the groups in that OU. However, when we view the permissions of the OU in which all the groups reside, the permission is not visible. We understand that this is because the OU is not a group, so it does not have this property -- hence, it cannot be defined. We would like to apply the permissions to the whole OU so that any new groups created will inherit this permission. Is this possible?

    Requires Free Membership to View

Through traditionally means, I would say no. However, if you were to alter the method by which you create groups, you could perform the function programmatically. Many companies use scripts to put user changes into a file or database first and then process them all at once. If you did this, then you would have control over how they got created. Also, if you really wanted to go to the next level, you could use third-party software like Trusted Enterprise Manager (TEM) to create additional control over users and groups.

This was first published in October 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: