Account for tech to add PCs to domain

Greg

Archived from groups: microsoft.public.win2000.active_directory

Hello,

I used the "delegate Control" Wizard, picked an account, selected "Join a
computer to domain" and finished. Problem is that I can't add computers to the
domain with that account.

Is there a better way to do this?

thanks
 
Guest

Has this user joined any machines to the domain in the past?

What error do you get?

What (advanced) permissions does this user have on the USERS container?


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Greg


No, has not joined any machines in the past. A new account. First time setting
this up. The error is a permissions error. The account has "create computer
Objects" permissions.
Guest

Which container did you delegate access for? Machines are, by default,
added to the Computers container.

I'd also recommend using a group for the purpose of delegation.

It sounds like you're already aware that the right to "Add workstations to
the domain" in user rights assignment is different from delegated control to
add or delete computer accounts to or from a container.

Oli
Guest

Whoops!!! Meant to say COMPUTERS container [blush]

Did you configure permissions on the Computers container or an OU?

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

jw


Can you elaborate on the difference between delegate control and user rights?

I would like to have a group that can add machines to the domain from the
workstations and have them go into a specific ou container that they are in,
not the default computer container.
I have the group set up and the delegate control seems correct but can't get
the container thing figured out. It always goes to the default container even
though the group only has security set up on a specific ou container.
Guest

Hi there.

The user interface for joining a PC to the domain from the client does not
allow you to enter an OU, so things always go to the Computers container.
There are two ways around this. The first is for an admin to create the
computer accounts (using dsa.msc). The second is to use the netdom.exe
utility (which can be found in the Support Tools folder on your Windows CD).
This has command-line parameters to allow you to specify an OU as an LDAP
path.

Hope that made sense.

Regards

Oli
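
The two pieces this thread discusses, delegation scoped to one OU and a netdom.exe join that names that OU, shown as an added example that is not part of any post above. It assumes dsacls.exe is installed alongside netdom.exe; the domain example.com, the OU=Workstations path, the EXAMPLE\JoinTechs group and the tech1 account are constructed placeholders.

```bat
@echo off
rem Added example, not from the thread. All names below are constructed
rem placeholders: replace them with your own domain, OU, group and account.
setlocal
set "DOMAIN=example.com"
set "TARGET_OU=OU=Workstations,DC=example,DC=com"
set "JOIN_GROUP=EXAMPLE\JoinTechs"
set "JOIN_USER=EXAMPLE\tech1"

if /i "%~1"=="delegate" goto delegate
if /i "%~1"=="join" goto join
echo Usage: %~nx0 delegate ^| join
exit /b 1

:delegate
rem Run once by a domain admin. Grants the group (not a single user) the
rem right to create child objects of class "computer" in the target OU only,
rem so membership can change without touching the ACL again.
dsacls "%TARGET_OU%" /G "%JOIN_GROUP%:CC;computer"
if errorlevel 1 exit /b 1
rem Print the resulting ACL so the grant can be reviewed.
dsacls "%TARGET_OU%"
exit /b 0

:join
rem Run on the workstation by a member of the delegated group.
rem /OU creates the account in the delegated OU instead of CN=Computers,
rem where this group has no rights. /PasswordD:* prompts for the password
rem so it is not stored in the script.
netdom join %COMPUTERNAME% /Domain:%DOMAIN% /OU:"%TARGET_OU%" /UserD:%JOIN_USER% /PasswordD:* /REBoot:30
exit /b %errorlevel%
```

The grant covers creating new computer accounts in the OU; re-joining a machine whose account already exists needs additional permissions on that account.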