Re: "Add workstations to domain"
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 06/24/04
- Next message: Herb Martin: "Re: LockoutThreshold"
- Previous message: Joe Richards [MVP]: "Re: DSADD Computer"
- In reply to: Giles: "Re: "Add workstations to domain""
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 24 Jun 2004 19:54:32 -0400
This has been a topic of much discussion, I think the generally accepted answer
is to help in the cases of small sites that don't have a lot of admins. The
users can help themselves and in the cases of sites with users with laptops who
go to business sites, join the domain there and then come home and need to join
their work domain again.
On the second question, you can script this using adsi or wrapping netdom in a
batch file or script.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Giles wrote: > I know I'm being a real pain now but how come by default a normal domain user has this ability? I find it strange as I would have thought this was a role only for someone with admin rights??? Is this also the same for Server 2003? > > Oh one more question: is it possible to create a computer account within a specific OU from the workstation itself, rather than manually moving it from the normal Computers container to the OU you wish it to be in? > > Thank you and your patience is much appreciated. > > "Joe Richards [MVP]" wrote: > > >>So that a normal user can't abuse the ability and D.O.S. an environment by >>creating millions of accounts. >> >>-- >>Joe Richards Microsoft MVP Windows Server Directory Services >>www.joeware.net >> >> >> >>Giles wrote: >> >>>Hi Matjaz, >>> >>>Thank you for the quick reply. However, why is this the case? I would have thought a user would either have priviledges to join a domain or not at all. It seems very strange there is a 10 workstation limit. >>> >>>Cheers >>> >>> >>> >>>"Matjaz Ladava [MVP]" wrote: >>> >>> >>> >>>>In AD domain a normal user has ability to add up to 10 computers to the >>>>domain. >>>>See http://support.microsoft.com/?kbid=251335 for all posibilities why and >>>>how to change this behaviour. >>>> >>>>-- >>>>Regards >>>> >>>>Matjaz Ladava >>>>MVP Windows Server - Directory Services >>>>matjaz@ladava.com, matjazl@mvps.org >>>> >>>>"Giles" <Giles@discussions.microsoft.com> wrote in message >>>>news:DA9763F9-CCF1-4BFC-8DF3-94C899CC97D4@microsoft.com... >>>> >>>> >>>>>Hello all, >>>>> >>>>>May be a silly question, however: >>>>> >>>>>I have created an ordinary domain user in a group within an OU (Staff >>>>>OP's). I intended this user to have the ability to add workstations to a >>>>>domain using the "User Rights Assignments". I do not want them to be a >>>>>member of any group except Domain Users. The problem i'm finding is that >>>>>the user already seems to be able to join computers to a domain without >>>>>specifying the priviledge. He's not an administrator or a member of. Can >>>>>anyone tell me why this maybe happening? >>>>> >>>>>Thanks in advance. >>>> >>>> >>>>
- Next message: Herb Martin: "Re: LockoutThreshold"
- Previous message: Joe Richards [MVP]: "Re: DSADD Computer"
- In reply to: Giles: "Re: "Add workstations to domain""
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
