Hello. I am trying to use the Active Directory Module for PowerShell on Windows Server 2008R2. I want to create an AD account (without a mailbox) by using New-ADUser. If I run the command when logged in as the built-in "Administrator" account it works. But if I log in using another account that is a member of Domain Admins or even the local Administrators group, it fails with an "Access Denied" error. I have verified that I can create an account manually using AD Users & Computers. I did find a blog post on EggHeadCafe (http://www.eggheadcafe.com/software/aspnet/35260878/permission-problem-with-powershell-v2-active-directory-commands.aspx) that exactly describes my situation. My problems are 1) I can't understand why this doesn't work, and 2) I wouldn't mind using the solution provided in the above post except that I don't know what permissions to give to new security group the author references.
Can someone please help?
Stephane Poirier
