Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Restrict Addition of New Computer Account Names/Objects

  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict Addition of New Computer Account Names/Objects

    I would like to restrict the addition of computers accounts in AD to pre-existing computer names for a given group of users we'll call "non-admin".

    I have granted these users GPO rights to "add workstations to the domain" and I have increased the default limit of 10.

    The piece I am missing is the ability to limit the non-admin user group from adding computer account names that DONT already exist.

    Example: I have created many computer objects in specific OUs prior to a rollout of new PCs. I want to restrict the non-admin techs to be able join the new PCs using existing names ONLY.

    Can this be done?
    Will restricting the ability to create objects in the domain do the trick? (testing this now ...)

    thanks all!