Re: Adding workstations to domains
From: Dmitry Korolyov [MVP] (d__k_at_removethispart.mail.ru)
Date: 09/01/04
- Next message: Mike Cason: "Re: Formating removable media ???"
- Previous message: Jeremy Sun: "Re: DC GPO - password policy not enforced"
- In reply to: Ed: "Adding workstations to domains"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 1 Sep 2004 10:07:23 +0400
You need to delegate them permissions to Create/Delete computer objects in
the default Computer container in a domain, as well as necessary permissions
(create/delete computer objects, full control to computer objects) in the
target OU where these accounts will be moved after joining.
-- Dmitry Korolyov [d__k@removethispart.mail.ru] MVP: Windows Server - Active Directory "Ed" <Ed@discussions.microsoft.com> wrote in message news:807E600D-9805-4DDF-B1E5-F2803960EFCE@microsoft.com... Hello all, For security purposes, I have trimmed the members of the Domain Admins group accross all domains to only a select few. When doing this, ex-members of that group are no longer able to add machines to the domain. In Default Domain Policy and Default Domain Controllers Policy | User Rights Assignment, I have added these users to the "Add workstations to the Domain" policy, but it still doesn't work. I have also Delegated control to the Computers container so they have the right to write. What am i missing? I need these users to be able to add machines to the domain without them having domain admin rights. Thanks.
- Next message: Mike Cason: "Re: Formating removable media ???"
- Previous message: Jeremy Sun: "Re: DC GPO - password policy not enforced"
- In reply to: Ed: "Adding workstations to domains"
- Messages sorted by: [ date ] [ thread ]
