
Today I was playing a bit in my lab with PowerShell and AD Computer Objects. I automate the daily cleanup of inactive Computer Objects and move them to a specific OU. This script runs with its own service account; the privileges required are specified below.

Move Computer Object INSIDE an OU:
- Create Computer

Move Computer Object OUTSIDE an OU:
- Delete Computer
- Write All Properties

As an example, here I was using the “Delegation of Control Wizard” to allow the “Move out”.
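To confirm that the service account holds exactly the rights listed above on each OU, the following check reads an OU's access entries and reports which of them are missing. It is an added example, not the author's script. Assumptions: the account name `LAB\svc-cleanup`, the function and helper names, the way the wizard's entries map onto ACE fields, and the sample ACEs, which are constructed so the block runs without a domain.

```powershell
Add-Type -AssemblyName System.DirectoryServices
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class
$Any           = [guid]::Empty                                 # "all classes" / "all properties"

function Test-MoveDelegation {
    param(
        [object[]] $Ace,       # on a domain: (Get-Acl "AD:\<OU distinguished name>").Access
        [string]   $Identity,  # service account to check
        [ValidateSet('MoveIn', 'MoveOut')] [string] $Direction
    )
    $allow = @($Ace | Where-Object {
        "$($_.IdentityReference)" -eq $Identity -and "$($_.AccessControlType)" -eq 'Allow' })

    # True when an Allow ACE grants $Right on $What (or on everything).
    # $OnComputers additionally requires the ACE to apply to descendant computer objects.
    $has = {
        param([System.DirectoryServices.ActiveDirectoryRights] $Right, [guid] $What, [bool] $OnComputers)
        [bool]($allow | Where-Object {
            ($_.ActiveDirectoryRights -band $Right) -eq $Right -and
            $_.ObjectType -in $What, $Any -and
            (-not $OnComputers -or $_.InheritedObjectType -in $ComputerClass, $Any)
        })
    }
    # Assumed mapping of the delegated permissions named in the post to ACE fields.
    $required = if ($Direction -eq 'MoveIn') {
        @{ 'Create Computer' = (& $has 'CreateChild' $ComputerClass $false) }
    } else {
        @{ 'Delete Computer'      = (& $has 'DeleteChild' $ComputerClass $false)
           'Write All Properties' = (& $has 'WriteProperty' $Any $true) }
    }
    [pscustomobject]@{
        Identity  = $Identity
        Direction = $Direction
        Missing   = @($required.Keys | Where-Object { -not $required[$_] })
    }
}

# Constructed sample ACEs shaped like the entries Get-Acl returns for an OU.
function New-SampleAce($Rights, $ObjectType, $Inherited) {
    [pscustomobject]@{
        IdentityReference     = 'LAB\svc-cleanup'; AccessControlType = 'Allow'
        ActiveDirectoryRights = [System.DirectoryServices.ActiveDirectoryRights]$Rights
        ObjectType            = $ObjectType; InheritedObjectType = $Inherited }
}
$sourceOu = @(New-SampleAce 'DeleteChild' $ComputerClass $Any)  # Write All Properties not delegated
$targetOu = @(New-SampleAce 'CreateChild' $ComputerClass $Any)

Test-MoveDelegation -Ace $sourceOu -Identity 'LAB\svc-cleanup' -Direction MoveOut
Test-MoveDelegation -Ace $targetOu -Identity 'LAB\svc-cleanup' -Direction MoveIn
```

On a domain-joined host with the ActiveDirectory module loaded, pass `(Get-Acl "AD:\<OU distinguished name>").Access` as `-Ace` in place of the sample arrays.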
