Specific permission needed to join computers to a domain?
What specific permission does an account need in order to join a new
computer to a domain?
I ask because I am trying to whittle down the number of domain admins
on our network and use delegation as needed.
One of the things I was thinking about is what type of permission our
techs would need in order to bring newly built computers into our
domain.
Does it have to be domain admins?
Can I set up some type of delegation on the 'Computers OU' and give a
group certain access?
If they wanted to move a computer to a specific OU bin, I could use
delegation for that as well?
Thanks.
JW