This is the follow up blog Add-ADPermission (Section not completed) Who can run this be default? Exchange Recipient Administrator role Account Operator role for the applicable Active Directory containers What are the valid permission that can be applied? (http://technet.microsoft.com/en-us/library/bb124403.aspx) CreateChild –DeleteChild–ListChildren–Self–ReadProperty–WriteProperty DeleteTree–ListObject–ExtendedRight–Delete–ReadControl–GenericExecute GenericWrite–GenericRead–WriteDacl–WriteOwner–GenericAll–Synchronize AccessSystemSecurity AD- ADPermssions also has some extended rights that can be associated […]