Modifying computer roles

If you use computer role assignments to control access to a computer, the following permissions are required to modify computer roles:

Select this target object To apply these permissions

msDS-AzScope

This object is listed under a globally unique identifier (GUID) for the Authorization object. For example:

CN=cab186af-61a0-4d54-a0dd...

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read description
  • Read msDS-AzScopeName
  • Read msDS-AzApplicationData
  • Write description
  • Write msDS-AzScopeName
  • Write msDS-AzApplicationData