Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Sounds like a plan.
Use either the Restricted Groups function of GPO; or
net localgroup administrators /add domainName\userName in a startup script
--
Paul Williams
http://www.msresource.net
http://forums.msresource.net
"richierich" <rsr2564@hotmail.com> wrote in message
news:uOoxDifHFHA.2784@TK2MSFTNGP09.phx.gbl...
I guess then I need to create a security group called Jr Admin or something
like that, script that out to all systems in the domain, then he should be
able to chaneg the name?
"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:Osw21mdHFHA.2132@TK2MSFTNGP14.phx.gbl...
> The user also needs administrative permissions and rights on the source
> computer.
>
> So, the junior admins needs the create and delete computer object
> permission
> on the OU that the computer is in, and needs to be a member of the local
> administrators group on the PC that is being renamed.
>
>
> --
>
> Paul Williams
>
>
http://www.msresource.net
>
http://forums.msresource.net
>
>
> "richierich" <rsr2564@hotmail.com> wrote in message
> news:OxClw1cHFHA.1392@TK2MSFTNGP10.phx.gbl...
> No, your direction is not correct. The question is, what permissions are
> needed to rename a computer object in AD? I too thought add/del would
> work,
> but it stil gives an access denied when attempting to rename a computer
> already in AD.
>
> -thanks
>
>
>
> "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
> news
C5BBF86-CA90-46EE-BA2A-A10BF1E81CA2@microsoft.com...
>> That's it. Although he'll also need read, but should have that by
>> default.
>>
>> What isn't working if you've done this? What error are you getting?
>>
>> Start by checking that the DHCP Client Service is rset to automatically
>> start
>> and is running on the DC; that the DNS zone accepts dynamic updates; and
>> that
>> the DC is pointing to itself for DNS.
>>
>> Once you've done this, restart netlogon.
>>
>> After restarting netlogon, run netdiag /test:dns.
>>
>> Run the tests again.
>>
>> The missing SPNs is worrying; however, we have to make sure DNS is
>> working
>> correctly before we can further troubleshoot anything else...
>>
>> --
>>
>> Paul Williams
>>
>> http://www.msresource.net/
>> http://forums.msresource.net/
>>
>> "richierich" wrote:
>>
>>> funny, I did that and it did not work. I thought that would be it too.
>>> mmmmm. anything else to look at?
>>>
>>>
>>> "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message
>>> news:0B7B022D-B104-44EC-A40B-8552CFE55971@microsoft.com...
>>> > Load ADU&C (dsa.msc) and select Advanced Features from the View
>>> > drop-down
>>> > menu.
>>> >
>>> > Then right-click the container or OU that you wish to configure the
>>> > delegation on and choose properties. In the properties tab, choose
>>> > Security
>>> > and then Advanced. In the Access Control Settings for <OU Name>
>>> > choose
>>> > add,
>>> > add the user name, and then in the Permission Entry for <OU Name>
>>> > select
>>> > the
>>> > following Allow permissions:
>>> >
>>> > Create Computer Objects
>>> > Delete Computer Objects
>>> >
>>> >
>>> > Hope this helps,
>>> >
>>> > --
>>> >
>>> > Paul Williams
>>> >
>>> > http://www.msresource.net/
>>> > http://forums.msresource.net/
>>> >
>>> > "richierich" wrote:
>>> >
>>> >> I want to delegate admin tasks to a jr admin. I want him
>>> >> specifically
>>> >> to
>>> >> be
>>> >> able to rename computer objects in my domsin. what settings do I
>>> >> need
>>> >> to
>>> >> check to allow this? I did the delegation wizard, but it is not that
>>> >> granular in its use.
>>> >>
>>> >> -thanks
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>
>