Rights needed to rejoin domain?

[John Johnston]

Does anyone know what rights to assign to allow a user to rejoin a W2K
workstation to an AD domain. In our environment, sometimes it's necessary
for a user to remove their workstation from the domain; inevitably, it takes
an administrator account to rejoin.

I understand that anyone can join a machine to the domain, after the
computer account is created, but this does not seem to hold true joining a
workstation after it's been removed.

Thanks.

John

 

[anonymous]

you must have administrative rights to add a computer to
a domain. that is where you are getting blocked on the
box you removed from the domain. you have to have admin
rights to rejoin the domain and create the computer
account.

 

[Torgeir Bakken (MVP)]

Does anyone know what rights to assign to allow a user to rejoin a W2K
workstation to an AD domain. In our environment, sometimes it's necessary
for a user to remove their workstation from the domain; inevitably, it takes
an administrator account to rejoin.

I understand that anyone can join a machine to the domain, after the
computer account is created, but this does not seem to hold true joining a
workstation after it's been removed.

Hi

To let a ordinary domain user be able to rejoin the computer to the domain, you
need to set the rights on the computer object when you create it in AD. When you
create it, under "The following user or group can join this computer to the
domain", click on the "Change..." button, and change the default value "Domain
Admins" to e.g. "Authenticated Users", or to the specific user of that computer.

Of course, the user needs to have administrator rights on the local computer
(but not on the domain) to be able to rejoin the computer.

 

[Bruce Chambers]

Greetings --

The user must be either an Account Operator or an Administrator.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH