How does an Assistant Admin create an object in a container? (NETIQKB1161)

  • 7701161
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How does an Assistant Admin create an object in a container?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

symptom
Error: 'You do not have the power to create the object object_name in the container container_name.'

symptom
An Assistant Admin receives the following error message when trying to create a User account: 'You do not have the power to create the user user_name in the container container_name.'

symptom
An Assistant Admin receives the following error message when trying to create a Group: 'You do not have the power to create the group group_name in the container container_name.'

symptom
An Assistant Admin receives the following error message when trying to create a Computer account: 'You do not have the power to create the computer computer_name in the container container_name.'

symptom
An Assistant Admin receives the following error message when trying to create an OU: 'You do not have the power to create the Organizational Unit OU_name in the container container_name.'

cause
The ActiveView definition does not contain a Rule to include a Target Container, Target Domain or Target Domain Member for the create operation.

fix

For an Assistant Admin to perform a Create Operation, the ActiveView must include a rule specifying a target in which to create the object.

To add a rule specifying a target for Create Operations to the ActiveView, complete the following steps:

  1. Launch the Directory and Resource Administrator MMC while logged on as an Assistant Admin with at least Built-in Security Role.
  2. Select ActiveView management.
  3. Highlight ActiveViews.
  4. Highlight the ActiveView in question.
  5. Select Add objects.
  6. Select the rule Target Container (OU) for Create Operation, Target Domain for Create Operation, or Target Domain Member for Create Operation, and click Next.
  7. Complete the definition of the scope for this rule.
  8. After you have created the rule, reconnect to the Administration server and create the object in the specified target.



note
This restriction of Assistant Admin privileges facilitates granular delegation of powers over domains, organizational units, and domain member servers.

Additional Information

Formerly known as NETIQKB1161