Re: How grant rights to add servers to domain into a particular OU

Yep Jorge, It's all there. I only just read the blog myself.
Nice!

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:%23uFsbg2DIHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
do you remember the 1st link that I provided you?
Did you read the Computer Section? No? Please read it again.

--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"JJP" <anonymous@xxxxxxxxxxxxx> wrote in message
news:%23POtD91DIHA.4752@xxxxxxxxxxxxxxxxxxxxxxx
It is a Security Group that I am using to Delegate Control to. I was
users in that group to be able to ADD/REMOVE computers from the domain in
that OU. If that involves creating an account and joining to the domain,
then, yes, both.
Thanks!


"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:%23F7V5x1DIHA.4332@xxxxxxxxxxxxxxxxxxxxxxx
You should use Security groups instead of single user accounts
You want the ability to create computer objects in that OU, or Join
computers to the Domain, or both?

--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"JJP" <anonymous@xxxxxxxxxxxxx> wrote in message
news:%239c1Tg1DIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
Here are the steps I followed, still get Access Denied, I must be
missing or misunderstanding something:
1.. On your domain control, click Start, point to Administrative
Tools, and select Active Directory Users and Computers.
2.. Right click the container that you want the user to create
computer accounts in and select Delegate Control.
3.. Click Next.
4.. Click Add.
5.. Add the appropriate user account and click Next.
6.. Click the Create custom task to delegate option and click Next.
7.. Click Only the following objects in the folder.
8.. Click Computer Objects and Create selected objects in this folder.
Click Next.
9.. Click Create all child object and click Next.
10.. Click Finish.




"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:O8GBDO1DIHA.536@xxxxxxxxxxxxxxxxxxxxxxx
Ok,
everything in the link that I provided before.

--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"JJP" <anonymous@xxxxxxxxxxxxx> wrote in message
news:uSQjSS0DIHA.3332@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply.
I want this group to be able to add their department servers to our
domain. They do not have domain controllers; they do not have a
domain. They have 200 servers (file/print/web/etc.) that are just
part of workgroup and they are in need of joining our domain.



"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:eePxWE0DIHA.2004@xxxxxxxxxxxxxxxxxxxxxxx
Hi
Assuming that you're talking about DCs, check:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx


--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"JJP" <anonymous@xxxxxxxxxxxxx> wrote in message
news:%23Izos2zDIHA.4544@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I am looking for documenation on how to give a domain group, with
Domain Users in it, ability to add and remove servers from a domain
and specifically one particular OU.

I have created an Organization Unit.
I have created a group, let's call it OU Server Admins.
I have added domain users to that group.
I have went to the Properties of the OU I want them to manage.
I have given the OU Server Admins group "Special Permissions" of
Full Control on the Computer Object.
I have logged into a server that is in a workgroup with a local
account.
I have tried to add that server to the domain using a user account
that is in the OU Server Admins group.
"Bad username or password" is the message I receive.

I assume there is more to do in order to set this up correctly?
Thanks in advance.




















.

Relevant Pages

  • Re: How grant rights to add servers to domain into a particular OU
    ... MCSE, MVP Directory Services ... Add the appropriate user account and click Next. ... Click Computer Objects and Create selected objects in this folder. ... let's call it OU Server Admins. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Need to input the account and password when access "\DC etlo
    ... As Jorge said check the event logs. ... any account to access the folder, but for Win2K server, why? ...
    (microsoft.public.windows.server.active_directory)
  • Re: How grant rights to add servers to domain into a particular OU
    ... It is a Security Group that I am using to Delegate Control to. ... Add the appropriate user account and click Next. ... Click Computer Objects and Create selected objects in this folder. ... I have given the OU Server Admins group "Special Permissions" of Full ...
    (microsoft.public.windows.server.active_directory)
  • Re: Demoting a DC in W2003
    ... > Hi Jorge, ... whch you can just delete from Server Manager. ... Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet ... With OEx, you can easily find your post, track ...
    (microsoft.public.win2000.active_directory)
  • Re: Lingering objects, replication on dcs
    ... Hi Jorge, I looked at the events carefully and I remembered after I did the ... whack, but there's still some replication issues, I noticed it replicates ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... the old 2k DC and then uninstall e2k3, reinstall the 2k3 DC, I'm trying to ...
    (microsoft.public.windows.server.active_directory)
Loading