Hello everyone,
I try write a script which delegate permission on OU in AD, but when I try add both below permission, every time I get on ACL only generic all permission. It looks like they have higher priority than create, delete. What will be cause in this case and how I can fix it?
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $sid, "CreateChild, DeleteChild", "Allow", $Groups, "All"
$ace2 = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $sid, "GenericAll", "Allow", "Descendents", $Groups
Regards