Discussion in 'Active Directory' started by Misoft, Apr 23, 2005.

    I have a person who i must delegate him to join domain permission .I do :
    Right click , delegate control ...,next ,add user
    ,next ,checked "Join a computer to the domain" ,next ,finnish .But Peter
    cannot join another computer to domain .
    Pls ,tell me WHY ?
    How can I delegate him join another computer to domain ???
    Thank so much for reading !!!
    Misoft, Apr 23, 2005
  2. neo [mvp outlook], Apr 23, 2005
    Misoft, Apr 23, 2005
  4. Lets go thru the steps.

    1) Delegated the right to create a computer account in a specific OU

    2) User creates the computer account in the OU *AND* specifies which
    account/group may join the computer to the domain. (Watch this one as it
    defaults to Domain Admins and tends to be what generates the Access Denied

    3) User goes to machine in question and joins it to the domain within 15
    neo [mvp outlook], Apr 23, 2005
    Wouldn't it be easier to just delegate the permissions on the computers

    And then, grant delete as well and write in another OU so that a move can be

    Maybe not, I would assume that pre-creating computer accounts would be a
    real chore ;-)
    ptwilliams, Apr 24, 2005
  6. maybe for some... maybe not for others. really depends on how the site
    neo [mvp outlook], Apr 25, 2005
    I guess.

    I just wouldn't give the people who join the machines to the domain any
    access to AD --they'd just be able to add machines. Somebody else could
    move those computers ;-)
    ptwilliams, Apr 25, 2005
