Announcement

Collapse
No announcement yet.

join wrkstn to domain by only one non admin group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • join wrkstn to domain by only one non admin group

    First off, I have a feeling this is a reoccurring question, ive searched and tried various posts, but I must be illiterate.

    OK, I created a domain non admin user account and a domain non admin group , in the default user container. I want this sole group, along with admins, to join computers to the domain, what gp do I set this at? Ive tried the join wrkstin to domain in the local admin tools default dc policy and the local admin tools default security policy, just for curiosity, what do these actually point to and what precedence do they have? Ive tried the ou default domain policy, other ou policies, and no luck. What am I missing here, it just says access denied. If it matters, this is a 1 domain 2003/xp environment. Ive also created the computer accounts beforehand in the specific ou, not the computer container. Ive also checked to make sure Im entering the correct username and password.

    Thanks for any comments and just holler if anymore info is needed.

  • #2
    Re: join wrkstn to domain by only one non admin group

    Ok, I think I finally figured it out. I reset the add wrkstn to domain entry in all the gp's to not defined. I set the Default DC Policy add wrkstn to domain to allow IT Admin Group, then I delegated control to the specific OU to this group. Seemed to work like a charm. Was this the correct action or does someone have a better solution? Thanks again.

    Comment


    • #3
      Re: join wrkstn to domain by only one non admin group

      By default a regular user can join 10 computers to the domain.
      If you want to specify someone with these privileges, you can provide this privileges in two ways.

      Give a user the add workstation to the domain privilege, or give him the right to create computer objects in a particular OU. Note: De default computer cantainer is a container and not a OU. You can not delegate control over a container.

      http://technet2.microsoft.com/window....mspx?mfr=true
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: join wrkstn to domain by only one non admin group

        For giving the computer joining rights in domain you just need to configure "Default Domain Policy", you do not need to touch rest of them.

        Additionally If you want to delegate these rights at OU level just make the changes in the policy which is applied at the same OU.........

        Regards,
        Kapil Sharma
        ~~~~~~~~~~~~~
        Life is too short, Enjoy It.

        Comment

        Working...
        X