Join a domain - what privelegies do I need?

  • Thread starter Thread starter Roman
  • Start date Start date
R

Roman

There is local policy ->User right assignment->Add workstation to domain,
but it doesn`t work. I define in it that Authanticated Users can join
workstation to the donain. However, only members of Domain Admins group can
do this operation.

Could you tell me, where I mistaken?

Thanks in advance.
 
There is local policy ->User right assignment->Add workstation to domain,
but it doesn`t work. I define in it that Authanticated Users can join
workstation to the donain. However, only members of Domain Admins
group can do this operation.

Could you tell me, where I mistaken?
Click to expand...

Yes: with that privilege enabled, you can do anything *on the
workstation*... but you still need to add it to the domain, and I bet you
don't have the same privilege there :-)

Massimo
 
Massimo said:
Yes: with that privilege enabled, you can do anything *on the
workstation*... but you still need to add it to the domain, and I bet you
don't have the same privilege there :-)

Massimo
Click to expand...

The domain group policy is the same - User right assignment->Add workstation
to domain = Authanticated Users. So, when I check an effective policy on the
domain controller, it is - User right assignment->Add workstation to domain
= Authanticated Users. But when I try to use an user account in Active
Directory system returns me an error - access denied. there is no problem
when I use a Domain Admins account.

Where is a mistake?
Thanks in advance!
 
You have to do this in Domain Controllers security settings - the default is
Authenticated Users.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
I've did ecxactly what you said. Even more, I specify the ecxact user in the
domain controller policy console. But still can't join the domain - an
error - access denied.

Any ideas? may be only members of domain admins group can do this
operation?
 
I have the same (or similar) problem.
I have a user which has "Add Workstation To Domain" rights, but gets access
denied.
I found out, that when the computer is new, this user has no problem, but
when the workstation is reinstalled and it already has that computer account
in the server manager, I get access denied.
This user can not belong to domain admins, so I need to find a solution for
this.
I'm doing it from an XP workstation BTW,


Amir.
 
This problem may be the result of computer account ownership and/or the 10
account limit on user created accounts. Try this:

1. Open Active Directory Users and Computers.

2. Click on View and check Advanced Features.

3. Right click the Computers container and select Properties.

4. Select the Security tab, and Add the desired user.

5. Click on the Advanced button, highlight the added user, and click the
View/Edit button.

6. Check the Allow box for Create Computer Objects.

See:
http://www.microsoft.com/technet/tr.../windowsserver2003/proddocs/entserver/526.asp

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
In my case it's not an AD, it's windows 4.0 domain.
My workaround was to cpy a user that does work and remove the groups I
didn't need.

Amir.
 
Back
Top