Re: Adding workstations to domain
- From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 21 Sep 2006 20:09:50 -0500
Bad Beagle wrote:
Can someone please tell me the specific rights that are required to add
computer accounts to a domain? I would like to enable my dl-helpdesk
group to add computer accounts to the domain but no other users on the
network.
The four permissions to join a computer to a domain are:
Reset Password
Validated write to DNS host name
Validated write to service principal name
Write Account Restrictions
These are granted to a user or group on the Security tab of the computer
properites dialog in ADUC.
You can also grant these permissions on an OU to a group, so they apply to
all computer objects in the OU. Right click the OU in ADUC, select
Properties, click the Security tab (Advanced features may need to be enabled
on the View menu), click the Advanced button, select a group and click
View/Edit, on the Apply onto pulldown select Computer objects, and allow the
4 permissions. 3 are on the Object tab, the last is on the Properties tab.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
.
- References:
- Adding workstations to domain
- From: Bad Beagle
- Adding workstations to domain
- Prev by Date: Re: Grant an extended right - Strange issue
- Next by Date: Delegation issue
- Previous by thread: Re: Adding workstations to domain
- Next by thread: Re: Adding workstations to domain
- Index(es):
