ask user add hosts into domain

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I've just setup a AD and would like to ask all my users to add their
standalone hosts into this domain.

It looks like they would need to know the domain administrator password, so
they can join the domain? What's the right domain account/group I should
give them?
Can I ask them to run a script? Any link?

Thanks
 
-----Original Message-----
Hi,

I've just setup a AD and would like to ask all my users to add their
standalone hosts into this domain.

It looks like they would need to know the domain administrator password, so
they can join the domain? What's the right domain account/group I should
give them?
Can I ask them to run a script? Any link?

Thanks


.
Click to expand...
Nospam,

I would not give them the password to the Administrator
account, to any member of the Domain Admins Security
Group or to any other account with Administrative
privileges.

Instead, I might steal an idea from Mark Minasi and
create an "Installers" group - use it with RIS. This
group has one sole purpose: add computers to the domain.
Temporarily add everyone to this group. Allow them to
join their computers to the domain. Once everyone has
done this both remove them from this group.

Now, everyone should be able to join their computer to
the domain using their own credentials.

Now, how do you create the Installers group? Take a look
at pages 129 - 131 of "Mastering Windows 2000 Server".
Essentially, there are two things that you need to do.

Open up Active Directoy Users and Computers. Make sure
that Advanced View is enabled. At the top in the left
pane you will see Active Directory Uasers and Computers
and right under tha you will see "yourdomain.com". Right
Click "yourdomain.com" and select Properties. Go to the
Security Tab. You should see an entry
for "GSG_Installers". Select it and then click on the
Advanced... button in the lower left corner. We are
going to add two entries for the "GSG_Installers". Click
on Add. Select the "GSG_Installers" group. Down in the
permissions we are going to check two boxes - "create
computer objects" and "delete computer objects". Up at
the top we have to "APPLY TO" this object and all child
objects. We now need to add the second instance
of "GSG_Installers". Click on "Add" again and
select "GSG_Installers". In the "APPLY TO" box we need
to select "COMPUTER OBJECTS" and then select Full
Controll.

There you have it!

Remember, once everyone has done this simply remove them
from the Installers group.

HTH,

Cary
 
Thanks Cary,
I'll definetly try this.

Cary Shultz said:
Nospam,

I would not give them the password to the Administrator
account, to any member of the Domain Admins Security
Group or to any other account with Administrative
privileges.

Instead, I might steal an idea from Mark Minasi and
create an "Installers" group - use it with RIS. This
group has one sole purpose: add computers to the domain.
Temporarily add everyone to this group. Allow them to
join their computers to the domain. Once everyone has
done this both remove them from this group.

Now, everyone should be able to join their computer to
the domain using their own credentials.

Now, how do you create the Installers group? Take a look
at pages 129 - 131 of "Mastering Windows 2000 Server".
Essentially, there are two things that you need to do.

Open up Active Directoy Users and Computers. Make sure
that Advanced View is enabled. At the top in the left
pane you will see Active Directory Uasers and Computers
and right under tha you will see "yourdomain.com". Right
Click "yourdomain.com" and select Properties. Go to the
Security Tab. You should see an entry
for "GSG_Installers". Select it and then click on the
Advanced... button in the lower left corner. We are
going to add two entries for the "GSG_Installers". Click
on Add. Select the "GSG_Installers" group. Down in the
permissions we are going to check two boxes - "create
computer objects" and "delete computer objects". Up at
the top we have to "APPLY TO" this object and all child
objects. We now need to add the second instance
of "GSG_Installers". Click on "Add" again and
select "GSG_Installers". In the "APPLY TO" box we need
to select "COMPUTER OBJECTS" and then select Full
Controll.

There you have it!

Remember, once everyone has done this simply remove them
from the Installers group.

HTH,

Cary
Click to expand...
 
Back
Top