Giving Users Right To Join Computers To Domain

Home Forums Microsoft Networking and Management Services Active Directory Giving Users Right To Join Computers To Domain

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    Robert R.
    Participant
    #155517

    environment: Windows 2008 R2 active directory (Windows 2003 functional level domain)

    DOMAIN
    |
    |- Computers (default OU)
    |
    |_ OU 01
    |
    |- OU 02
    |
    |- OU 03
    |
    |- OU 04
    |
    |- OU 05
    | |-people
    | |-computers
    |
    |- OU 06

    We have employees who act as tech support for the individual departments.

    We do not want to make them Domain Administrators.

    (1) Is it possible to give a user rights to join and remove computers from the Windows domain for a specific OU (which corresponds to their department)?

    For example, given the structure above, can a user be given permission to take a workstation that is in the standalone WORKGROUP, and join it to the domain in OU 05computers ?

    (2) Conversely, can they remove the computer, and the computer account, from the domain?

    In the past, this task has always been done by Domain Administrators, so I’ve never given it any thought. But we’d like to delegate it to others.

    Thanks.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.