Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hello all,
For security purposes, I have trimmed the members of the Domain Admins group
accross all domains to only a select few. When doing this, ex-members of
that group are no longer able to add machines to the domain. In Default
Domain Policy and Default Domain Controllers Policy | User Rights Assignment,
I have added these users to the "Add workstations to the Domain" policy, but
it still doesn't work. I have also Delegated control to the Computers
container so they have the right to write.
What am i missing? I need these users to be able to add machines to the
domain without them having domain admin rights. Thanks.
Hello all,
For security purposes, I have trimmed the members of the Domain Admins group
accross all domains to only a select few. When doing this, ex-members of
that group are no longer able to add machines to the domain. In Default
Domain Policy and Default Domain Controllers Policy | User Rights Assignment,
I have added these users to the "Add workstations to the Domain" policy, but
it still doesn't work. I have also Delegated control to the Computers
container so they have the right to write.
What am i missing? I need these users to be able to add machines to the
domain without them having domain admin rights. Thanks.