Re: What happens to the machine name in AD?

From: SA (nospam_at_nospam.nospam)
Date: 02/03/05

    Date: Thu, 3 Feb 2005 16:17:57 -0500
    
    

    Thanks Guido.

    "Guido G" <guidoDOTgrillenmeierAThpANOTHERDOTcom> wrote in message
    news:u9SIuvdCFHA.3688@TK2MSFTNGP14.phx.gbl...
    > The user needs Write permissions on the computer object to modify all
    > attributes. The normal user doesn't have these permissions, but you'd
    > usually grant these rights on the OU that contains the computer objects.
    >
    > e.g. if you've split up your OUs by location, and you'd want to make this
    > work for the local admins of location1, you'd create a group called something
    > like "ComputerAdmins_Location1" containing the user accounts of those local
    > admins. Then you'd grant this group either modify or full control on
    > computer objects on the location1 OU in AD. Realize that this doesn't grant
    > them permissions to ADD or DELETE computer objects - those are extra
    > permissions you'd need to grant if you want them to be able to join new
    > computers to the domain, but just in their OU (same thing to delete them).
    >
    > The latter will only make sense if you remove the default privilege for any
    > authenticated user to add 10 computers to the domain - otherwise they could
    > always create a few accounts in the domain's Computer container. You can
    > remove these rights by editing the Default Domain Controller's policy
    > (replace "Authenticated Users" with "Domain Admins" for the "Add
    > workstations to domain" User Right in Computer Config\Windows
    > Settings\Security Settings\Local Policies\User Rights Assignment)
    >
    > /Guido
    >
    > "SA" <nospam@nospam.nospam> wrote in message
    > news:eNXiByVCFHA.1392@tk2msftngp13.phx.gbl...
    >> Thanks guys,
    >> Guido, that's exactly what I meant to ask.
    >> They don't have the right to change the computer name by default, do they?
    >> If I want to make this happen automatically, what rights would the users need
    >> on the computer OU?
    >>
    >> SA.
    >>
    >> "Guido G" <guidoDOTgrillenmeierAThpANOTHERDOTcom> wrote in message
    >> news:OgSXsYVCFHA.208@TK2MSFTNGP12.phx.gbl...
    >> > I guess SA was more referring to a machine that's already a member of an AD
    >> > domain. Here it's more a question on how you change the machine name and
    >> > which permissions you have in AD.
    >> >
    >> > If a local admin changes the PC name (of 2000/XP/2003 machines) via the UI,
    >> > he will be prompted for his credentials in the domain. If the user had
    >> > sufficient rights on the object in AD (e.g. delegated permissions set on the
    >> > OU which holds the computer accounts), then next to renaming the computer
    >> > locally, the computer account in AD will also be renamed and the computer
    >> > would remain joined to the domain. Otherwise, a rename will disjoin it.
    >> >
    >> > The local administrator can also change the name on the PC via a simple
    >> > script - if this script doesn't also update the respective computer account
    >> > in AD, the machine will again be disjoined from the domain. If the script is
    >> > smart enough and the user had sufficient rights on the object in AD, then the
    >> > computer would remain in the domain and be renamed at both ends.
    >> >
    >> > On the DNS end, I believe a new DNS record will be created for the new name
    >> > (i.e. the old one remains until it is scavenged, if you've turned on this
    >> > feature).
    >> >
    >> > /Guido
    >> >
    >> >
    >> > "Allen Firouz" <AllenFirouz@discussions.microsoft.com> wrote in message
    >> > news:C58E166C-07C8-4CA6-8502-B17004F17A79@microsoft.com...
    >> >> SA,
    >> >>
    >> >> If you are using a Windows 2000, XP or 2003 (which can handle Dynamic DNS
    >> >> Registration), then it is as simple as changing the PC name and joining it
    >> >> to the domain. These OS automatically register and update their name in DNS.
    >> >> Refer to these links:
    >> >> Dynamic DNS: http://support.microsoft.com/kb/q246804/
    >> >> Force DNS name registration:
    >> >> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_tro_UsingIpconfigRegisterdns.asp
    >> >>
    >> >> WinXP DNS registration:
    >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;305553&sd=tech
    >> >>
    >> >> -Allen Firouz
    >> >>
    >> >>
    >> >> "SA" wrote:
    >> >>
    >> >> > Hi,
    >> >> > I wanted to know what happens to the machine name in AD when it is changed
    >> >> > on the PC side? Does the name get changed automatically on the side or does
    >> >> > it need to be manually updated?
    >> >> > Thanks,
    >> >> > SA.
    >> >> >
    >> >> >
    >> >> >
    >> >
    >> >
    >>
    >>
    >
    >
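
The delegation Guido describes (write access on computer objects in one OU, without create/delete, plus the "Add workstations to domain" user right) can be checked after the fact. The following is an added example, not part of the original thread; the OU path and the EXAMPLE domain name are hypothetical, and it assumes the RSAT ActiveDirectory module, with the last three lines run elevated on a domain controller.

```powershell
# Added example, not from the thread. Needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical names: substitute your own OU and delegation group.
$ou    = 'OU=Location1,DC=example,DC=com'
$group = 'EXAMPLE\ComputerAdmins_Location1'

# schemaIDGUID of the "computer" object class; the empty GUID means "any class".
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$classes       = $computerClass, [guid]::Empty
$adr           = [System.DirectoryServices.ActiveDirectoryRights]

# Explicit and inherited Allow ACEs on the OU for the delegated group.
$aces = (Get-Acl -Path "AD:\$ou").Access | Where-Object {
    $_.IdentityReference.Value -eq $group -and $_.AccessControlType -eq 'Allow'
}

$report = foreach ($ace in $aces) {
    $rights = $ace.ActiveDirectoryRights
    # True when the ACE applies to the OU object itself, not only to objects below it.
    $onOuSelf = $ace.InheritanceType -notin 'Descendents', 'Children'
    [pscustomobject]@{
        Rights     = $rights
        # Empty GUID = all attributes/classes; otherwise one attribute, set or class.
        ObjectType = $ace.ObjectType
        # Modify / full control that flows down to computer objects in the OU.
        # GenericWrite and GenericAll both contain the WriteProperty bit.
        WritesComputers  = ($ace.InheritanceType -ne 'None') -and
                           ($ace.InheritedObjectType -in $classes) -and
                           (($rights -band $adr::WriteProperty) -ne 0)
        # Create/delete of computer objects: child rights on the OU itself.
        CreatesComputers = $onOuSelf -and ($ace.ObjectType -in $classes) -and
                           (($rights -band $adr::CreateChild) -ne 0)
        DeletesComputers = $onOuSelf -and ($ace.ObjectType -in $classes) -and
                           (($rights -band $adr::DeleteChild) -ne 0)
    }
}
$report | Format-Table -AutoSize

# "Add workstations to domain" is SeMachineAccountPrivilege. Run elevated on a
# domain controller; *S-1-5-11 in the output is Authenticated Users.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /areas USER_RIGHTS /cfg $inf | Out-Null
Select-String -Path $inf -Pattern '^SeMachineAccountPrivilege' | ForEach-Object Line
```

A delegation that matches the description above shows WritesComputers as True and the create/delete columns as False unless those extra permissions were granted on purpose.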

