Joining Computer accounts to the domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joining Computer accounts to the domain

    Hi,

    Hope you can assist me.

    Let me paint the scenario...

    We have LAN techies that join computers to the domain. These objects then go into the Computers container by default and are then moved via script into other OUs where they are locked down, until such time that another group of administrators can move them into their custom OUs, where GPOs are applied according to the business requirement.

    Now the issue is that whenever a machine's network card is replaced etc., the computer account needs to be deleted, then he joins to the domain from the client, then calls us, then we move it into the correct OU, all of which takes a lot of time.

    The alternative is our team (Account Operators), can pre-stage the account into the correct OU upfront, leaving the techie to just join to the domain.

    The problem with this scenario is...
    on the security log (I would imagine), it reflects the account operator's account that prestaged the account and not the guy in the field that joins to the domain.

    We need this join event to be tied back to the LAN tech in the field for control purposes.
    If he just joins without pre-creating, all is fine, the log reflects his account, but SLA suffers as he must call us to move the object into the correct OU.

    Any ideas will be appreciated

    Eren

  • #2
    Re: Joining Computer accounts to the domain

    Don't know if this will help or not:

    http://forums.petri.com/archive/index.php?t-524.html

    Check out the last post by Daniel

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Joining Computer accounts to the domain

      Thanks very much for the help. Will take a look.

      Still need to somehow manipulate the entries that get written to the security log...


      • #4
        Re: Joining Computer accounts to the domain

        What does the security log look like if you just reset the computer account instead of deleting it?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com



        • #5
          Re: Joining Computer accounts to the domain

          Originally posted by Eren
          Now the issue is that whenever a machine's network card is replaced etc., the computer account needs to be deleted, then he joins to the domain from the client, then calls us, then we move it into the correct OU, all of which takes a lot of time.
          This part quite confuses me. There should be no reason that replacing a NIC should cause a broken secure channel between the computer and the AD.

          On the automation front, one thing I can think of is having some kind of process that monitors the Computers container and moves the computer accounts to the appropriate OU based on some attribute (description?). This way a techie can join the computer to AD (at that point he is the object owner and has permissions over the object), fill in the desired attribute and the automatic process will take care of the rest.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"
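
Added example, not part of the thread and not any poster's code: one way to build the Computers-container sweep suggested in post #5, using PowerShell with the ActiveDirectory module. The OU paths, description tags and log path are constructed placeholders; because the techie controls the description, it is used only as a key into an allow-list, and the object's owner is logged before the move so the join stays tied to the account that created it.

```powershell
# Added example: OU paths, tags and the log path are constructed placeholders.
Import-Module ActiveDirectory

# Allow-list: description tag typed by the techie -> OU the object may go to.
# The tag is techie-controlled input, so it is only a lookup key, never a DN.
$OuMap = @{
    'FINANCE' = 'OU=Finance,OU=Workstations,DC=example,DC=com'
    'SALES'   = 'OU=Sales,OU=Workstations,DC=example,DC=com'
}
$LogFile = 'C:\Logs\computer-moves.csv'   # hypothetical path

# Default container that newly joined computer objects land in.
$container = (Get-ADDomain).ComputersContainer

$pending = Get-ADComputer -Filter * -SearchBase $container -SearchScope OneLevel `
    -Properties Description, whenCreated

foreach ($c in $pending) {
    $tag = "$($c.Description)".Trim().ToUpperInvariant()
    if (-not $OuMap.ContainsKey($tag)) {
        # Empty or unknown tag: leave the object where it is for manual review.
        Write-Warning "Skipping $($c.Name): description '$tag' is not an approved tag"
        continue
    }

    # Record the owner before moving. For a techie-created object this is the
    # joining account; for members of Domain Admins it is the group instead.
    $owner = (Get-Acl -Path "AD:\$($c.DistinguishedName)").Owner

    Move-ADObject -Identity $c.ObjectGUID -TargetPath $OuMap[$tag] -ErrorAction Stop

    # One audit row per move: who created the object, and where it went.
    [pscustomobject]@{
        MovedAt  = (Get-Date).ToString('s')
        Computer = $c.Name
        Owner    = $owner
        Created  = $c.whenCreated
        TargetOU = $OuMap[$tag]
    } | Export-Csv -Path $LogFile -Append -NoTypeInformation
}
```

Run it as a scheduled task under an account delegated only to move computer objects from the Computers container into the allow-listed OUs; adding `-WhatIf` to `Move-ADObject` gives a dry run.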
