RE: adding workstation to domain

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: S.J.Haribabu (sjhari_at_microsoft.com)
Date: 10/25/04 

Date: Mon, 25 Oct 2004 13:37:43 GMT

Hello Gary,

Thanks for the posting. Go through the following article to resolve the
problem.

The Add workstations to domain user right lets a user add as many as 10
computers to a domain. By default, Windows 2000 grants the Add workstations
to domain right to Authenticated Users. Therefore, in a default-configured
domain, everyone in the forest can add as many as 10 computers to each
domain in the forest. I recommend deleting this right assignment in the
Default Domain Controllers Policy Group Policy Object (GPO) to keep
unwanted computers from your domains.

The Create computer objects permission on an OU lets you add any number of
new computers to that OU. By default, only Administrators and Account
Operators have this permission on OUs.

Using one of these two rights, you have three ways to add a computer to a
domain. First, here's one way you can use the Add workstations to domain
right. Toward the end of a Windows installation, Windows asks you whether
the computer should be a member of a domain. If you choose to add the
system to a domain, the program prompts you for the computer's name and the
name of the domain in which to create its account. Win2K creates the new
computer account in the AD Computers container, which you can view in the
Microsoft Management Console (MMC) Active Directory Users and Computers
snap-in.

Second, you can use the "net computer <computer name> /add" command to
create the computer account. This method also creates the account in the AD
Computers container in the Active Directory Users and Computers snap-in in
the domain of the computer on which you execute the command. Later, when
you install Windows on another computer and Windows asks you for a computer
name and domain, you can claim the newly created computer account.

I hope it would solve your issue.

Thanks,
sjhari@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

 

Relevant Pages

  • RE: dr testing but cannot logon
    ... This behavior may occur if the password for the computer account and the ... Reset the secure channel between the Windows XP-based client computer and ... Support\Tools folder of the Windows XP CD-ROM. ... Check the event logs on both the PDC and Windows XP client computer. ...
    (microsoft.public.win2000.active_directory)
  • RE: Login Scrips in a Mixed World
    ... Because the Windows XP workstations connect to the PDC via WAN and Windows ... to guarantee the login scripts can run on the Windows XP ... remote office, and move these computers to that OU. ...
    (microsoft.public.windows.group_policy)
  • RE: Login Scrips in a Mixed World
    ... If I "Create an Organization Unit for the Windows XP ... Also it's the uses login Script, ... BDC (Remote Office) thier are scripts for depatrments ie ... If the XP Workstations will Detect and use the GC over the ...
    (microsoft.public.windows.group_policy)
  • RE: computer account change password with Windows 2008 domain
    ... Hello, I'm interested in the hotfix too, I have the same problem ... computer account change password with Windows 2008 domain ...
    (comp.protocols.kerberos)
  • Re: Limiting Ability to Join Domain
    ... Microsoft MVP - Windows NT Server ... They can add maximum 10 workstations ... > Authenticated Users group by default. ... >> Microsoft MVP - Windows NT Server ...
    (microsoft.public.windows.server.setup)