permissions to add computer account to domain

[Steven L.]

My customer wants me to create a user account that can
just be used to add new workstations to the domain. They
have a Win2000 domain, and they want to add computers to
the domain by changing the domain properties at the
workstation. I have added the user account to the
security list on the Computers OU in Active Directory. I
also allowed the user account "Create Computer Objects"
and "Delete Computer Objects" in the advanced security
list for the Computers OU, and I set the Apply Onto field
to "This object and all child objects". After applying
these settings, I still can not add a computer to the
domain, but I can remove the computer from the domain and
add it to a workgroup. Any help would be appreciated.

 

[Cary Shultz]

-----Original Message-----
My customer wants me to create a user account that can
just be used to add new workstations to the domain. They
have a Win2000 domain, and they want to add computers to
the domain by changing the domain properties at the
workstation. I have added the user account to the
security list on the Computers OU in Active Directory. I
also allowed the user account "Create Computer Objects"
and "Delete Computer Objects" in the advanced security
list for the Computers OU, and I set the Apply Onto field
to "This object and all child objects". After applying
these settings, I still can not add a computer to the
domain, but I can remove the computer from the domain and
add it to a workgroup. Any help would be appreciated.
.

Steve,

That would be due to the fact that you are only half-way
there! You still need one more entry:

You need to apply to "Computer Objects" from the drop
down list the Full Controll Permission for that user
account.

So, you would have two entries: the one applied to "This
Object and all Child Objects" as well as the one applied
to "Computer Objects"...

HTH,

Cary