Re: Unable To Delegate Add Workstation To Domain
From: Jerold Schulman (Jerry_at_jsiinc.com)
Date: 06/29/04
- Next message: barryg: "Active Directory Domains + Trusts"
- Previous message: Hema S: "Re: The Active Directory database is corrupt"
- In reply to: Darren Toews: "Unable To Delegate Add Workstation To Domain"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 29 Jun 2004 07:57:17 -0400
See tip 5978 in the 'Tips & Tricks' at http://www.jsiinc.com
On Mon, 28 Jun 2004 15:48:49 -0500, "Darren Toews" <dtoews@rrc.mb.ca> wrote:
>Hi all,
>
>Have a problem that I wonder if you can help me with. We have a Windows
>2000/2003 domain. The domain controllers are 2000 and the member servers
>are a mixture of 2000 and 2003.
>
>I have created various OU admin groups for our different department and made
>the user objects for those users members of those groups. Now I have tried
>adding all the OU admin group objects to a domain local group to which I'd
>like to delegate the ability to add workstations to the domain. I have
>tried doing this 3 different ways. 1) Using the delegation wizard, 2) Via
>Group Policy at the domain level (added the Add Workstation group to the
>list of users able to add workstations to the domain in the Computer Section
>of the GPO under User Account Rights) and 3) editing the Domain security
>properties and manually adding the group in giving them read, read all
>properties and Create Computer Objects and Delete Computer Objects.
>
>None of these methods seems to work. I can add a workstation with the
>domain admin account and with an account that is a member of the domain
>admins group so it does not seem to be communications related, but any
>account in the add workstations group generates an "Access Denied" error. I
>have also tried creating a test account not in the above group and using
>each of the 3 methods to delegate rights directly to that account with no
>luck either. Only the Domain Admins can add a workstation.
>
>When I manually go into the security settings for any of the domains, I can
>see that the rights have properly inheirited down the tree using the
>Effective Permissions tab, so the users should have the appropriate rights
>to accomplish this task, yet for some reason they are not able to do it.
>
>Searching Google I came across an article detailing that in some cases a bad
>sysprep image can cause this and that a solution is to apply the Setup
>Secuirty Local Security Policy Template on the workstation. I have tried
>this as well, and it worked a couple of times, but no longer seems to do the
>trick.
>
>I've tried search Microsoft's support site and was unable to find anything
>helpful.
>
>If anyone has any suggestions for me, I'd greatly appreciate them!
>
>Thanks in advance,
>
>Darren Toews
>
Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
- Next message: barryg: "Active Directory Domains + Trusts"
- Previous message: Hema S: "Re: The Active Directory database is corrupt"
- In reply to: Darren Toews: "Unable To Delegate Add Workstation To Domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
