Delegate Control of an OU Problem
I need to delegate someone to be able to edit the Group Policy objects under a certain OU, but when I open GPMC, browse to the OU that I want to delegate, and navigate to the Delegation tab, when I click Advanced to add the permission, I get the below error:
"the requested security information is either unavailable or can't be accessed"
This happens in certain OUs only, not in all OUs.
Any help is highly appreciated.
Eng. Mahmoud Sabry Farghel IT System Engineer
March 14th, 2011 9:08am
Hello Mahmoud,
Are there any trust relationships in your domain?
MCDST, MCSAS, MCSES, MCDBA, MCITP, MCTS, MCT
March 14th, 2011 9:31am
Yes, we have a trust with another domain; the domain controller in the trusted forest is Windows Server 2003 and in our forest is 2008.
Eng. Mahmoud Sabry Farghel IT System Engineer
March 14th, 2011 9:48am
So is the trust relationship up and running? Try to check if there are any trust issues or offline DCs in the trusted domain.
MCDST, MCSAS, MCSES, MCDBA, MCITP, MCTS, MCT
March 15th, 2011 6:06am
Yes, the trust is running and users from our domain are normally authenticated in the trusted domain, and there was a dead DC in the trusted domain, but what is the relation between the trust and this error, and why does this happen in some OUs and not all OUs?
Note: at an earlier time we used ADMT to migrate all objects from the trusted domain to our domain.
Eng. Mahmoud Sabry Farghel IT System Engineer
March 15th, 2011 7:38am
Hi,
Please provide us more information and help clarify the following questions:
1. When did the issue begin to occur? After the migration?
2. Did you receive the error after entering user\group name, click Check name? Or after the system tries to apply the permissions?
3. Cannot you add all users\groups to certain OUs?
You can refer to the following suggestions for troubleshooting first:
Boot into Clean Boot environment
-----------------------------------
1. Click "Start", click “Run” and type "msconfig" to start the System Configuration Utility.
2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click Disable All (if it is not gray).
3. Click the "Startup" tab, click "Disable All" and click "OK".
4. Restart your computer. If the "System Configuration Utility" window appears, please check the box and click "OK".
What is the result in this mode?
Modify relative attributes via ADSI Edit
------------------------------------
The right to link GPOs is delegated separately from the right to create GPOs and the right to edit GPOs. Be sure to delegate both rights to those groups you want to be able to create and link GPOs. Non-Domain Admins can create an unlinked GPO if they are members of the Group Policy Creator Owners group. The ability to link GPOs to a site, domain or organizational unit is a permission that is specific to that site, domain or organizational unit.
1. Launch ADSIEDIT.msc, navigate to the problematic OU.
2. Add a permission that allows Read and Write access to the gPLink and gPOptions attributes on this OU directly.
If any error is encountered, please let us know.
If the issue persists, I suggest you use Process Monitor to trace any trouble encountered. You can check it on your side or send me the Process Monitor log for further troubleshooting.
1. Visit the following Web site:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
2. Click Download Process Monitor, and then click Save to save the package to the hard disk.
3. Open the folder where you saved the downloaded file. Right-click the file, and then click Extract All.
4. Select to extract the contents of the tool to "this folder," and then click Extract.
5. After the contents are extracted, double-click the Procmon file to start Process Monitor.
6. While Process Monitor is running, reproduce the issue.
7. After the issue occurs, switch to the Process Monitor window, and then click the microscope icon in the toolbar to stop the capture.
8. On the File menu, click Save. Save the Process Monitor log to any folder that you want.
9. Upload the file to the following workspace.
------------------------------------------------------------
You can upload the information files to the following link.
(Please choose "Send Files to Microsoft")
Workspace URL: (https://sftus.one.microsoft.com/choosetransfer.aspx?key=ec6e0d7f-68b9-4467-8396-edeadbb9ef45)
Password: A2AXdkR$+2Xc
Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.
Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding.
Thanks.
Nina
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 18th, 2011 3:18am
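The ADSI Edit step in the reply above (Read and Write on gPLink and gPOptions, applied to the OU itself) can also be done from PowerShell. This is an added example, not part of the original thread; it assumes the ActiveDirectory module (RSAT) is available, and the OU distinguished name and group name are hypothetical placeholders.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$ouDn     = 'OU=Example,DC=example,DC=com'   # hypothetical OU (placeholder)
$delegate = 'EXAMPLE\GPO-Linkers'            # hypothetical group (placeholder)

# Resolve an attribute's schemaIDGUID from the schema partition by its LDAP name,
# so no GUID has to be hard-coded.
function Get-AttributeGuid {
    param([Parameter(Mandatory)][string]$LdapName)
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    if (-not $attr) { throw "Attribute '$LdapName' not found in the schema" }
    [System.Guid]$attr.schemaIDGUID
}

# Translate the account name to a SID; this fails early if the name cannot be resolved.
$sid = (New-Object System.Security.Principal.NTAccount($delegate)).Translate(
    [System.Security.Principal.SecurityIdentifier])

$path   = "AD:\$ouDn"
$acl    = Get-Acl -Path $path
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$guids  = @()

foreach ($name in 'gPLink', 'gPOptions') {
    $guid   = Get-AttributeGuid -LdapName $name
    $guids += $guid
    # Inheritance 'None' scopes the ACE to this OU object only, not to child objects.
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $guid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
    $acl.AddAccessRule($ace)
}

Set-Acl -Path $path -AclObject $acl

# Read the ACL back and show every ACE that targets the two attributes,
# so the delegation (and anyone else holding it) can be reviewed.
(Get-Acl -Path $path).Access |
    Where-Object { $guids -contains $_.ObjectType } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, ObjectType, IsInherited
```

The final listing doubles as an audit of who can already link GPOs to this OU, which is worth checking before delegating to one more principal.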


