Allow - Create Computer Objects

kpm2kkpm2k Member Posts: 3 ■□□□□□□□□□
Just wondering where one goes about assigning this permission, according to Transcender, it says to give the permission within "Active Directory Users and Computers" on the Computers object, yet I only get the ability to change the description. I know there is a GPO for adding users to the domain, in the security settings though. (And the fact that by default, any user can add upto 10 computers to the domain)

Any ideas?

Comments

  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    on the Computers object

    When you create a new computer account in ADUC, the first screen in the wizard (New-->Computer) has a box "The following user or group can join this computer to a domain". Change it from the default Domain Admins to whomever you want.
    All things are possible, only believe.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    in ADUC, right-click on the domain (mycompany.com or whatever) and choose delegate control, click next, add users/groups, click next, and choose join a computer to the domain.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dynamik wrote:
    in ADUC, right-click on the domain (mycompany.com or whatever) and choose delegate control, click next, add users/groups, click next, and choose join a computer to the domain.

    Hi dynamik:
    I didn't see "join a computer to the domain" as an option, even under Advanced. Is it only available at the Top Level Domain Policy? I checked under a couple of OU's, but not the domain level. Also, it looks like his reference was specifically talking about the "Computer Object".
    All things are possible, only believe.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yeah, it's at the domain level. I'm assuming that's because it's more a domain-level task than an OU-level task. He mentioned the 10 computer limit that each user has as well as GPO, so I thought he was referring to a larger scale solution. I didn't see he specifically mentioned working with the computer object, so your answer is probably more appropriate for this situation.

    [edit]
    Oh nice, you even singled that part out in a quote. Sorry man - it was the end of an exhausting day at work :)
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dynamik wrote:
    Yeah, it's at the domain level. I'm assuming that's because it's more a domain-level task than an OU-level task. He mentioned the 10 computer limit that each user has as well as GPO, so I thought he was referring to a larger scale solution. I didn't see he specifically mentioned working with the computer object, so your answer is probably more appropriate for this situation.

    [edit]
    Oh nice, you even singled that part out in a quote. Sorry man - it was the end of an exhausting day at work :)

    Oh wait, I found it in the GPO policy under User Right Assignments - Join Computer to domain. I just couldn't see it in the Delegation Wizard. Thanks! :)
    All things are possible, only believe.
Sign In or Register to comment.