Re: Delegating permission to add computers to the domain

From: David Everett [MSFT] (deverett_at_online.microsoft.com)
Date: 03/29/04


Date: Mon, 29 Mar 2004 13:44:43 -0600

Actually, the steps provided were meant to be placed on the OU where
Delegation is needed, not on the Computers container.

For example:
OU=Portable,OU=Clients,DC=parent,DC=com

I don't believe sysprep joins machines to OUs where groups have been
delegated rights based upon the group membership of the user doing the join
under Sysprep.

From what I know of Sysprep you can alter the Unattend.txt or the
Sysprep.inf files by adding a MachineObjectOU entry that specifies the OU
where machines from a particular image will be added. Members of GroupA
should be given an image containing the Unattend.txt with a MachineObjectOU
referencing the OU where they have delegated rights.

As a test, I would first verify these users have the rights they need by
taking a machine that is currently in a workgroup and have them use netdom
to join into the delegated OU. If this works then you know it is a problem
with the Unattend.txt or Sysprep.inf and not a delegated permissions issue.

Also, make sure the Sysprep.inf has the FQDN for the domain name and not the
NetBIOS Domain Name.

226315 Computer Account Organizational Unit Can Be Specified by Using the
http://support.microsoft.com/?id=226315

If you need assistance in troubleshooting the Sysprep/mini-setup
configuration you might want to post to
microsoft.public.windowsxp.setup_deployment.

-- 
David Everett
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@usw-consulting.com> wrote in
message news:MPG.1ad27d6a16d88f7b989ae9@msnews.microsoft.com...
> Jon Paskett says...
> > Thanks for the reply David,
> >
> > You are focusing on the Computers container. I understand that default
> > behavior is that new computers are created in the Computers container. Can
> > this be changed, based upon group membership, to automatically add them to a
> > Computers OU located within their Parent? That is my ultimate goal. They can
> > predeploy them, but I want to have the ability to automatically add them to
> > the OU they are delegated permission to do so.
> >
> > Thanks for your help
> >
> > Jon
> >
> Hi Jon,
>
> If I understand you correctly you are asking if it is possible to change the
> default container where computer Objects are created.
>
> If you are using Windows Server 2003 you can change that container to any OU
> using the redircmp command (or redirusr for the default container for users).
>
> Test this with your applications which are directory aware in a test environment
> prior to implementing it in your production network.
>
> Gruesse - Sincerely,
>
> Ulf B. Simon-Weidner
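
A lint check for the two Sysprep.inf points raised in the message above (a MachineObjectOU entry is present, and the domain is given as an FQDN rather than a NetBIOS name), as an added example that is not part of the original thread. The sample file contents and the `joinaccount` name are constructed; comparing the DN's DC components against JoinDomain is an extra consistency test assumed here.

```python
import configparser

# Constructed sample answer file. The OU is the one used in the post;
# the account name is a placeholder.
SAMPLE_SYSPREP_INF = """\
[Identification]
JoinDomain=parent.com
DomainAdmin=joinaccount
MachineObjectOU="OU=Portable,OU=Clients,DC=parent,DC=com"
"""

def check_identification(inf_text):
    """Return a list of problems found in the [Identification] section."""
    cp = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    cp.read_string(inf_text)
    if not cp.has_section("Identification"):
        return ["no [Identification] section"]
    # Option names are lower-cased by configparser; values may be quoted.
    ident = {k: (v or "").strip().strip('"')
             for k, v in cp.items("Identification")}
    problems = []
    domain = ident.get("joindomain", "")
    if not domain:
        problems.append("JoinDomain is missing")
    elif "." not in domain:
        problems.append("JoinDomain %r looks like a NetBIOS name, not an FQDN" % domain)
    ou = ident.get("machineobjectou", "")
    if not ou:
        problems.append("MachineObjectOU is missing")
        return problems
    # Split the DN into RDNs (assumes no escaped commas in OU names).
    rdns = [part.strip().split("=", 1) for part in ou.split(",")]
    if any(len(r) != 2 or not r[1] for r in rdns):
        problems.append("MachineObjectOU %r is not a well-formed DN" % ou)
        return problems
    # The DC= components of the OU path should spell out the joined domain.
    dn_domain = ".".join(v for k, v in rdns if k.strip().upper() == "DC")
    if "." in domain and dn_domain.lower() != domain.lower():
        problems.append("DC components %r do not match JoinDomain %r"
                        % (dn_domain, domain))
    return problems

if __name__ == "__main__":
    for line in check_identification(SAMPLE_SYSPREP_INF) or ["OK"]:
        print(line)
```

A clean result only means the file is consistent; the netdom test described above is still what confirms the delegated rights on the OU.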

