Re: Join domain requirement

Hi,

Yes, if you grant the 4 permissions, a normal user (with no other admin
rights) can join the computer to the domain.

You can also use the Delegation of Control wizard to grant permission to a
user or group to join any computer in an OU to the domain. See this link:

http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/sag_RIS_pro_Join_Domain_Computers.htm

Also, when computer objects are created in ADUC you have the option of
granting a user or group permission to join the object to the domain. The
GUI then grants the same 4 permissions listed in my previous link to the
selected user or group.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

<ckwong19802003@xxxxxxxxx> wrote in message
news:E8785F4A-8457-4D3A-83BD-217057B176DD@xxxxxxxxxxxxxxxx
hi,

is that we can define the normal user to join domain.Kindly advise


"Richard Mueller" wrote:

Hi,

I have a sample VBScript program that grants the permissions required to
join a computer to a domain:

http://www.rlmueller.net/JoinComputer.htm

The link lists the 4 permissions required. They are granted on the
computer
object. You can give the permissions to a group or user. You can do it
manually in ADUC.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:uKECYWndGHA.3348@xxxxxxxxxxxxxxxxxxxxxxx
see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
<ckwong19802003@xxxxxxxxx> wrote in message
news:96D10D4C-7709-41C3-96C0-2BBA24F148AA@xxxxxxxxxxxxxxxx
hi

Will like to ask what will be the join pc to the domain requirement
accept
from giving full administrator.Kindly advise







.

Relevant Pages

  • Re: SQL Server 2005 Stored Procedure security annoyances
    ... stored proecedure on a database wide level? ... GRANT EXECUTE ON SCHEMA::MySchema TO MyRole ... I am sure I will forget some SP's and probably forget to set the rights ... permissions because not all stored procedures are equal. ...
    (microsoft.public.sqlserver.security)
  • Re: What happens to the machine name in AD?
    ... The user needs Write permissions on the computer object to modify all ... usually grant these rights on the OU that contains the computer objects. ...
    (microsoft.public.windows.server.active_directory)
  • Re: USERS group has the ability to change security permissions???
    ... Please use the Advance view in the NTFS permissions dialog to ... When there is a generic grant and a special grant to the same entity ... the RESULT: user level access can change NTFS ...
    (microsoft.public.win2000.security)
  • Re: DCOM Event ID 10015
    ... Grant the user permissions to start the COM component ... Run the MPSRPT_DirSvc.exe on the server box. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: NTFS woes
    ... "In some cases with a grant of Full is reduced ... NTFS permissions dialog. ... check Allow Delete Subfolders and Files ... Explicit Deny Delete on file does not work (user can still delete ...
    (microsoft.public.windows.server.security)