RE: Delegated permission to add computers
From: ptwilliams (ptw2001_at_hotmail.com.donotspam)
Date: 01/10/05
- Next message: Mental Floss: "RE: Delegated permission to add computers"
- Previous message: Tom: "RE: DNS, DHCP and WINS issues with Windows 2003 UPGARDE"
- In reply to: Jeff: "Delegated permission to add computers"
- Next in thread: Jeff: "Re: Delegated permission to add computers"
- Reply: Jeff: "Re: Delegated permission to add computers"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 10 Jan 2005 08:15:05 -0800
What permissions have you set, and with what scope?
I'd say you want this:
Allow - groupName - Create/ Delete Computer Objects - This object and all
child objects
Allow - groupName - Full Control - Computer Objects
You can also delegate this using the wizard; you just need to add computer
objects as a custom delegation task.
There's also a property on the domain that allows any user to join up to 10
machines to the domain. You might want to change this. Search google for
ms-DS-MachineAccountQuota. This is the property that controls this.
-- Paul Williams http://www.msresource.net/ http://forums.msresource.net/ "Jeff" wrote: > I created a group in AD and delegated permission for that group to add > computers to the default computer container. For some reason when a user in > the group attempts to add a PC to the domain (via My COmputer | Properties), > it returns an access denied error. What can I do to troubleshoot this? > Everything looks correct in AD? Am I missing a permission somewhere? > > Thanks, > > Jeff > > >
- Next message: Mental Floss: "RE: Delegated permission to add computers"
- Previous message: Tom: "RE: DNS, DHCP and WINS issues with Windows 2003 UPGARDE"
- In reply to: Jeff: "Delegated permission to add computers"
- Next in thread: Jeff: "Re: Delegated permission to add computers"
- Reply: Jeff: "Re: Delegated permission to add computers"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
