Re: Not using a domain admin ID when joining the domain



Hello Tim,

The local administrator can NOT join a computer to the domain. It has to be a domain administrator or a domain user account with delegated control as described in the articles.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thanks for your input.

I am not trying to have an authenticated user create a machine
account. I am trying to get a user who has logged on locally to the
client to join the domain using a computer account that was created
ahead of time by a domain administrator.

When you try to join the domain, you can opt to supply domain
credentials that have privs to create the computer account, or you can
leave it blank and try to use an existing computer account with the
same name.

I used a network sniffer to verify that when the client tries to join
the domain, it tries to establish a session using the local
administrator id. This is denied by the domain controller, and you
get an Access denied error.

"Meinolf Weber" wrote:

Hello Tim,

By default a user can join a maximum of 10 machines to the domain.

Also see here:
http://support.microsoft.com/kb/243327/en-us
http://support.microsoft.com/kb/932455

http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I have encountered a problem where clients that need to rejoin the
domain after a ghost image restore will not rejoin the domain unless
a domain admin id is supplied at the client. In the past, we always
had an admin delete and recreate the computer account in the domain,
then allowed non-admins to rejoin the clients to the domain. This
prevents us from having to visit the client.

If the user tries to join the domain without specifying a domain
admin user id, the local admin id is used to set up a session with
the domain controller and the login fails.

Is there a group policy setting that could have changed that impacts
this?


