Hello,
like I said in a title, I am trying to delegate permission for moving user object to its subOUs.
I have spent lots of time doing research and tests on this topic and almost all of the answers says that I need to to the following:
Source OU:
- This object only - Delete User Objects
- Descendant User objects - Write Distinguished Name, Write Name, Write name
Destination OU:
- This object only - Create User objects
All permissions are delegated to the test group.
But the thing is that in doesn't work. While trying to move the test user I get an "Access denied" error.
Is there anything I can do more to make it work? I would like to keep it as simple and as minimal as possible.