Re: join domain/create computer accounts... driving me NUTS!

LOL... i added the following text to template6 and it doesnt even show up
when i go to delegate control at the domain level!!!! have you tested your
mess in windows 2003?


;----------------------------------------------------------
[template6]
AppliesToClasses = domainDNS,organizationalUnit,container

Description = "Add and/or join a computer to the domain in an OU (computer)"

ObjectTypes = SCOPE, computer

[template6.SCOPE]
;Right to create computer objects
computer=CC

[template6.computer]
;Right to join computers to domain
CONTROLRIGHT= "Reset Password","Validated write to DNS host name","Validated
write to service principal name", "Account Restrictions"
;----------------------------------------------------------
"Jimmy D" <NOSPAM_jjd228@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:OiuA8sBIGHA.2680@xxxxxxxxxxxxxxxxxxxxxxx
> ok... Jorge....
> well since it is VERY rare that someone will manually create a computer
> account in AD and THEN join it to the domain, where does that leave your
> advice? 99% of admins will simply join a computer to the domain and supply
> admin credentials AT THAT TIME so the computer account is automatically
> created in the domain.
>
> and NO ONE is stupid enough to have 2 groups... 1 that creates computer
> accounts, and another that joins them to the domain. you need some real
> world experience before you waste time writing web pages that pretend to
> help
>
>
>
> "Jorge de Almeida Pinto [MVP]"
> <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
> news:OEDq98oHGHA.344@xxxxxxxxxxxxxxxxxxxxxxx
>> this is not a hack... have you ever read the delegation of control white
>> papers? amongst others this comes from that MICROSOFT white paper that
>> also provides an additional template with additional tasks that can be
>> used through the delegation of control wizard
>>
>> if there are proper ways, why are you asking on how to accomplish this
>> and why have you not found any answer yet?
>>
>> just trying to help here... but instead of that you are being ungrateful
>> and rude! and that is not necessary!
>>
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>> # Jorge de Almeida Pinto #
>> MVP Windows Server - Directory Services
>> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> -----------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test before implementing!
>> -----------------------------------------------------------------------------
>>
>>
>> -----------------------------------------------------------------------------
>> "Jimmy D" <NOSPAM_jjd228@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%230KF9NnHGHA.3408@xxxxxxxxxxxxxxxxxxxxxxx
>>> im thinking its confusing because its an unnecessary hack! there are
>>> "proper" ways to do what im trying to do without editing templates
>>> manually..... and the english is also terrible making it even worse. but
>>> again... thanks
>>>
>>>
>>> "Jorge de Almeida Pinto [MVP]"
>>> <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
>>> news:u95cofiHGHA.208@xxxxxxxxxxxxxxxxxxxxxxx
>>>> OK! it has helped a lot of people realize what they needed. The section
>>>> "1. JOIN COMPUTERS TO THE DOMAIN" explains what you want.
>>>>
>>>> Sorry it did not work for you. (funny it worked for others)
>>>>
>>>> I'm interested though in hearing WHY you think it is confusing.
>>>>
>>>> --
>>>>
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>> # Jorge de Almeida Pinto #
>>>> MVP Windows Server - Directory Services
>>>> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> -----------------------------------------------------------------------------
>>>> * This posting is provided "AS IS" with no warranties and confers no
>>>> rights!
>>>> * Always test before implementing!
>>>> -----------------------------------------------------------------------------
>>>>
>>>>
>>>> -----------------------------------------------------------------------------
>>>> "Jimmy D" <NOSPAM_jjd228@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:%23b2ddrfHGHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> yes, im sorry but this is the most confusingly written webpage ive
>>>>> ever seen.... ive looked before and it solves nothing
>>>>>
>>>>> thanks
>>>>>
>>>>>
>>>>> "Jorge de Almeida Pinto [MVP]"
>>>>> <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in
>>>>> message news:eEBYogfHGHA.1676@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> see:
>>>>>> http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Cheers,
>>>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>>> # Jorge de Almeida Pinto #
>>>>>> MVP Windows Server - Directory Services
>>>>>> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>>>> -----------------------------------------------------------------------------
>>>>>> * This posting is provided "AS IS" with no warranties and confers no
>>>>>> rights!
>>>>>> * Always test before implementing!
>>>>>> -----------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>> -----------------------------------------------------------------------------
>>>>>> "Jimmy D" <NOSPAM_jjd228@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:euui8ZfHGHA.2036@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>i need to allow a helpdesk group in AD (win2003) to join a computer
>>>>>>>to the domain, and create the computer account if it doesnt exist....
>>>>>>>ive tried everything, read every possible article.... nothing works.
>>>>>>>can someone help? this shouldnt be so difficult
>>>>>>>
>>>>>>> :(
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Delegate Control?
    ... For delegation of control check: ... Do "normal" users have access to query AD OU's? ... Why would an account that has no other rights be ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Delegation
    ... Enable auditing account management for successful events in the default ... >> delegation of control wizard you can create a custom task that applies to ... >> delegated task "Reset user passwords and force password change at next ...
    (microsoft.public.win2000.active_directory)
  • Re: Account control
    ... control is there something I can use to show me the current delegation? ... They set my personal admin account up as a member of the 'domain ... Our enterprise admin group only has the administrator account in it. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Delegation of rights
    ... > side the OU you have delegated the control to, ... Delegate only the required rights, in this case may not full ... May only to child objects within the OU and so on. ... >>> May the Step-by-Step Guide to Using the Delegation of Control Wizard can ...
    (microsoft.public.win2000.active_directory)
  • RE: Delegation of control wizard question
    ... Delegating Control of Custom Tasks ... predefined options were selected for delegation. ... On the Tasks to Delegate page, click Create a custom task to delegate. ... On the Active Directory Object Type screen, ...
    (microsoft.public.windows.server.general)
Loading