Re: Delegating permission to add computers to the domain

From: David Everett [MSFT] (deverett_at_online.microsoft.com)
Date: 03/26/04

Next message: Chriss3: "Re: Adding a Domain Tree"
Previous message: David Everett [MSFT]: "Re: Delegating permission to add computers to the domain"
In reply to: Jon Paskett: "Delegating permission to add computers to the domain"
Next in thread: Jon Paskett: "Re: Delegating permission to add computers to the domain"
Reply: Jon Paskett: "Re: Delegating permission to add computers to the domain"
Messages sorted by: [ date ] [ thread ]

Date: Fri, 26 Mar 2004 14:45:56 -0600

One minor change to Step 7....

Instead of Editing the Existing rights, Add the user or group again to the
Advanced Security and click "Apply onto...". In the drop-down box select
Computer Objects and then set Allow on the following:
a. Read all Properties
b. Write all Properties
c. Change Password
d. Reset Password

In the end they will have "Create Computer Objects" and "Delete Computer
Objects" on "This object and all child objects" and the 4 rights listed
above on "Computer Objects".

-- 
David Everett
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jon Paskett" <paskettj@email.NOSPAM.com> wrote in message
news:up#ExIqEEHA.1544@TK2MSFTNGP11.phx.gbl...
> OS = Windows Server 2003
>
> I need to delegate permission to a group of users to add computers to the
> domain in their OU only. Creating a custom task allowing Object Type =
> Computer Objects, Create/Delete objects with Full Control Permission in
the
> custom delegation wizard. However, this does not allow group members to
add
> the computer to the domain. AD says user does not have permission.
>
> TIA
>
> Jon
>
>

Next message: Chriss3: "Re: Adding a Domain Tree"
Previous message: David Everett [MSFT]: "Re: Delegating permission to add computers to the domain"
In reply to: Jon Paskett: "Delegating permission to add computers to the domain"
Next in thread: Jon Paskett: "Re: Delegating permission to add computers to the domain"
Reply: Jon Paskett: "Re: Delegating permission to add computers to the domain"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: What happens to the machine name in AD?
... The user needs Write permissions on the computer object to modify all ... usually grant these rights on the OU that contains the computer objects. ...
(microsoft.public.windows.server.active_directory)
Re: Scripting adding "Send As" right to AD Users and Computers
... you can modify it a bit to get the results you want. ... What if you used the AD Viewer program to find the correct 'AD name' and then wrote a script to show this to confirm. ... Directory User and Computer objects.. ... We are trying to find out which users and groups have "Send As" rights on ...
(microsoft.public.windows.server.scripting)
Re: Delegation : Cant move Computer objects.
... You have to delegate create rights in the destination OU and Delete ... "Zul" skrev i meddelandet ... >> computer objects for the default "Computers Container" as well as the ...
(microsoft.public.windows.server.active_directory)
Re: Delegation Wizard
... On the Security tab, ... the Create Computer Objects and Delete Computer Objects ACEs, ... Password" rights for computer objects. ... > I know this is because they don't have permissions for the object in the> container which it resides but I only want to delegate the permissions> necessary for their account to rename the new build without error. ...
(microsoft.public.windows.server.active_directory)
Re: Delegated permission to add computers
... This setup was initially done using the delegated control wizard. ... Right now the group has the following permission: ... I am going to try to add Full Control permissions on computer objects to see ... Jeff ...
(microsoft.public.windows.server.active_directory)