Prevent a Junior Administrator from Moving an OU
this morning junior admin able move ou location in ad (a sub ou in same tree). ou specific workstations , able move sub ou within tree structure. administrator not have special rights. a member of helper group. group not have delegated rights ou. when view security permissions on ou, admin not show nor group in (other authenticated users). when view effective permissions, user has no rights other expect user (read attributes). have auditing setup , know sure admin did move ou. user have ability view ad using aduc. how prevent in future? hello, please use vbscript or powershell script , check user groups (nested group): list user groups (richard mueller - mvp) regards Windows Server > Directory Services ...