Re: Delegate control to user

From: joh (anonymous_at_discussions.microsoft.com)
Date: 06/28/04 

Date: Mon, 28 Jun 2004 14:13:59 -0700

Hi Christoffer,

Thanks for the reply. I'm just wondering why this account
can add a new workstations to the domain, but say for
example if a computer breaks and its reimaged, that user
cannot re-add that computer to the domain with the same
NetBios name?? But a domain admin can. Just wondering if
there is a permission I'm not setting or maybe the
delegation is in the wrong location?

Thanks,

joh
>-----Original Message-----
>Hello Joh,
>
>Click View in AD users and computers, click view advanced
features, this
>enable a security tab when you click properties for a
object. You can see
>the security of an object and see what you have
delegated. The Delegation Of
>Control Wizard is just another simple way of modify the
security (ACL) for
>an OU or another container.
>
>Have a look at Add workstations to domain policy:
>http://www.microsoft.com/resources/documentation/windows/x
p/all/proddocs/en-us/526.mspx
>
>--
>Regards
>Christoffer Andersson
>
>No email replies please - reply in the newsgroup
>------------------------------------------------
>http://www.chrisse.se - Active Directory Tips
>
>"joh" <anonymous@discussions.microsoft.com> skrev i
meddelandet
>news:220dd01c45d48$1f962aa0$a601280a@phx.gbl...
>> Hi All,
>>
>> I have a user account that I would like to be able to
add
>> computers to the domain, but not have admin rights. I
have
>> used the Delegate Control wizard to give the user these
>> permissions but its not working as I expected. For
>> example, the user can add computers to the domain, but
say
>> for instance, if there is another computer account in
the
>> directory with the same name, it fails. Using and admin
>> account works. Also, when I try to add Mac OS X
computers
>> to the domain, it fails. Is there a permission that I
>> haven't delegated? Also, is there a way to see exactly
>> what permission has be delegated to a user?
>>
>> Thanks,
>>
>> Joh
>
>
>.
>

Relevant Pages

  • RE: Win 2000 service needs to access Win 2003 Web Server data
    ... The domain account "usr_test" has the permission of reading a log files ... However, for your application, I think if both of the two computers has one ... Microsoft Online Partner Support ...
    (microsoft.public.win32.programmer.networks)
  • Re: Custom rights
    ... Try giving user who is adding account View Only Exchange Administrator ... >> To add computers to the domain go to AD Users and Computers. ... you will have to manually configure permissions on that user object ... >>> Look into AD delegation, though you may need to do some custom ...
    (microsoft.public.win2000.security)
  • Re: Need limited domain admin rights user account.
    ... change you see and are attributing to an action of the delegation wiz. ... "Mike Bailey" wrote in message ... > You said that there is a group for allowing an account to add computers ... >> account) to which it is delegating. ...
    (microsoft.public.windows.server.security)
  • Re: Alerting - Malicious software removal tool
    ... >needed to install an application that she could not install from ... >"Administrator" account. ... You failed to analyze the root cause and correct it ... use their computers to have fun. ...
    (microsoft.public.security.virus)
  • Re: User account
    ... If you log onto the server as Administrator (don't use any other ... I did not want to disable to account. ... > inaccessible within AD users and computers. ... This Domain admin had permission on this account and I did ...
    (microsoft.public.backoffice.smallbiz2000)