adding macine to domain

[kaunas]

Hello,

What rights can I give to user to add new machine to domain, without giving
him domain admin rights.


Thanks

 

[Tim Hines [MSFT]]

You can give the user the right to "add workstations to the domain" in a
group policy. The authenticated users group has this right by default and
the users can add up to 10 workstations to the domain. For more info see
251335 Domain Users Cannot Join Workstation or Server to a Domain
http://support.microsoft.com/?id=251335


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Master_Fore]

You should create a new group. Add your users that you
want to join the domain to that group, then apply that
group to the OU that you want them to administer. Good
luck.

 

[Guest]

If I delegate "add/delete computer objects" to authenticated users then wouldn't this allow authenticated users to add an infinite number of machine accounts instead of the default behavior of 10. Right now authenticated users get access denied when trying to add machines to the domain. In addition, I've delegated "add/delete computer objects" to an admin group and those admins are unable to join a machine to the domain from the workstation unless they change the name first. They are, however, able to add machines with the net command or through the users and computers MMC. A domain admin is able to join the machine to the domain from the workstation. This leads me to believe that there is a permissions problem with the computers container. Any thoughts? Thanks.



----- kaunas wrote: -----

Hello,

What rights can I give to user to add new machine to domain, without giving
him domain admin rights.


Thanks