Score:0

AD Security by OU?

In our AD environment we maintain the Description field to help identify our computers.

I found that I and others on my team can update some systems in certain OUs but cannot update them in others.

I asked our Security and Server teams; they don't have an answer as to why, nor the time to find out.

Anyone have an answer so I can help them to fix things so that my team can do our job?

Thank you

Score:1

They delegated the security inside Active Directory by OU. It's a best practice to do so.

See here for an example of how it's done: https://activedirectorypro.com/delegate-control-in-active-directory/

LeeM
Per this answer, someone has delegated permissions for your team on some OUs so you can modify the computer description, but not on others. It's really great whoever actually manages AD security is being so unhelpful. If you use AD Users and Computers, go into the View menu and select Advanced View. On an OU where your access is OK, right-click on it, select Properties, then the Security tab. Select Advanced and then you'll hopefully see the full permissions list for the OU. You can sort by "Principal" - maybe you'll see a group you know you're in. Screenshot and compare with a "bad" OU.
LeeM
You may not have permission to actually view the permissions on an OU, but that's unusual, esp one that you can modify objects in. Either way - the screenshots can be referenced if you have them - you can nicely ask your security team whether they manage AD perms and if not, *who does* - they should know who manages it! Then you can nicely ask that team to do *their* job (preferably submit a job ticket they can't ignore) and fix the perms. Refer to an OU which has the working perms and ask that the "bad" OUs be fixed. Escalate to the boss if they push back - obv YOU can't fix it.
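
The OU comparison described in the comments above can also be done from PowerShell. This is an added example, not part of the original thread: the two OU distinguished names are placeholders, and the function names `Get-SchemaGuid` and `Get-DescriptionWriters` are made up for illustration. It only reads ACLs and needs the ActiveDirectory module (RSAT).

```powershell
# Added example: list who is allowed to write the Description attribute of
# computer objects under two OUs, then show what the "bad" OU is missing.
Import-Module ActiveDirectory

# Placeholder DNs (assumptions): one OU where updates work, one where they fail.
$GoodOU = 'OU=Working,DC=example,DC=com'
$BadOU  = 'OU=NotWorking,DC=example,DC=com'

# Look up schema GUIDs at runtime instead of hard-coding them.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $o = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]$o.schemaIDGUID
}
$descGuid = Get-SchemaGuid 'description'
$compGuid = Get-SchemaGuid 'computer'
$empty    = [guid]::Empty

function Get-DescriptionWriters([string]$OuDn) {
    $write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    (Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        # GenericAll and GenericWrite include the WriteProperty bit
        ($_.ActiveDirectoryRights -band $write) -and
        # ACE covers every property (empty GUID) or Description specifically
        ($_.ObjectType -eq $empty -or $_.ObjectType -eq $descGuid) -and
        # ACE is inherited by all child classes or by computer objects
        ($_.InheritedObjectType -eq $empty -or $_.InheritedObjectType -eq $compGuid) -and
        # 'None' means the ACE applies to the OU object only, not to its children
        $_.InheritanceType -ne 'None'
    } | Select-Object @{n='OU';e={$OuDn}}, IdentityReference,
                      ActiveDirectoryRights, InheritanceType, IsInherited
}

$good = @(Get-DescriptionWriters $GoodOU)
$bad  = @(Get-DescriptionWriters $BadOU)
$good + $bad | Format-Table -AutoSize

# Principals delegated on the working OU but absent from the other one.
# Deny ACEs and property-set grants are not evaluated here.
$badNames = @($bad | ForEach-Object { $_.IdentityReference.Value })
$good | Where-Object { $badNames -notcontains $_.IdentityReference.Value } |
    Select-Object -ExpandProperty IdentityReference -Unique
```

Comparing the final list with the output of `whoami /groups` shows which delegated group your team belongs to, which is the detail to put in the ticket.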