Modifying computer roles

If you use computer role assignments to control access to a computer, the following permissions are required to modify computer roles:

Select this target object	To apply these permissions
msDS-AzScope This object is listed under a globally unique identifier (GUID) for the Authorization object. For example: CN=cab186af-61a0-4d54-a0dd...	Click the Properties tab and select Allow to apply the following properties to this object only: Read description Read msDS-AzScopeName Read msDS-AzApplicationData Write description Write msDS-AzScopeName Write msDS-AzApplicationData

Select this target object

To apply these permissions

msDS-AzScope

This object is listed under a globally unique identifier (GUID) for the Authorization object. For example:

CN=cab186af-61a0-4d54-a0dd...

Click the Properties tab and select Allow to apply the following properties to this object only: