When ARS is not a domain admin, using builtin 'administrators' - what granular permissions are required to deprovision to target OU?

Our Service Account was domain admin until the earth moved. Now we run as builtin administrators. What native granular permissions are required on the object to deprovision, the losing OU and then the winning OU, as part of the deprovision process?

We see a failure at the last step of our process: relocate object to new OU fails. Access denied.


