We have a user that we want to give rights to create/delete computer objects in an OU.
I granted these rights and it works fine.
The problem is on some existing computer accounts when they try and delete the object via script they they get Access denied, you do not have sufficient privileges to delete xxx. I tried as the user in ADUC and got a warning "Object xxx contains other objects. Are you sure you want to delete object xxx and all the objects it contains"
I then traced this back to working out the computer object contains and MSMQ configuration.
What rights do I need to assign the user for them to be able to delete the object from AD including this "MSMQ configuration" and when scripting is there a switch they can use to skip the warning?
BTW,
I have granted Delete "MSMQ Queue Alias objects" & Delete "MSMQ Group objects".