Re: Not using a domain admin ID when joining the domain



I am not trying to create a computer account with a local admin. The
computer account was already created by a domain admin. I am trying to use
an existing computer account to join the domain from the client. (System
properties dialog box, Computer Name tab, Change button)


--
Thanks
Tim B


"Meinolf Weber" wrote:

Hello Tim,

The local administrator can NOT join a computer to the domain. It has to be
a domain administrator or a domain user account with delegated control like
described in the articles.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thanks for your input.

I am not trying to have an authenticated user create a machine
account. I am trying to get a user who has logged on locally to the
client to join the domain using a computer account that was created
ahead of time by a domain administrator.

When you try to join the domain, you can opt to supply domain
credentials that have privs to create the computer account, or you can
leave it blank and try to use an existing computer account with the
same name.

I used a network sniffer to verify that when the client tries to join
the domain, it tries to establish a session using the local
administrator id. This is denied by the domain controller, and you
get an Access denied error.

"Meinolf Weber" wrote:

Hello Tim,

By default a user can join a maximum of 10 machines to the domain.

Also see here:
http://support.microsoft.com/kb/243327/en-us
http://support.microsoft.com/kb/932455

http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I have encountered a problem where clients that need to rejoin the
domain after a ghost image restore will not rejoin the domain unless
a domain admin id is supplied at the client. In the past, we always
had an admin delete and recreate the computer account in the domain,
then allowed non-admins to rejoin the clients to the domain. This
prevents us from having to visit the client.

If the user tries to join the domain without specifying a domain
admin user id, the local admin id is used to set up a session with
the domain controller and the login fails.

Is there a group policy setting that could have changed that impacts
this?



