Hello all, I am running OES2 SP2 linux suse 10.3 and I have an interesting problem..or maybe not so interesting, if I don't understand, that the issue may be by design?

We are currently connecting and building our edirectory, so far I have 2 sites OU's in the master tree, and things are going well. Because all servers being built are connecting to the master server/tree, by default of course, the original master admin, estblished for thr tree, is the master user that logs in.

For each additional OU, I created a new admin, and made that admin a part of a system_operator group. I then made that group have god rights at the top of the tree as a trustee, with Supervisor and inheritable. As expected the user can log in, perform all tasks in consoleone etc, where things go ary, is in console one. The new admin user in imanager can:

- create most objects
- administer most nds objects

But what he CAN'T do, of what I;ve found so far is:

- Start DNS
- Start DHCP

I get an error...if I login with the original admin, created on the master server, when being created...I can indeed start these services on any server in the tree, and in any OU...it seems like the rights are the same...can someone give me some insight?

Thanks in advance.