Options

Allow - Create Computer Objects

kpm2kkpm2k Member Posts: 3 ■□□□□□□□□□
in Server 70-290
Just wondering where one goes about assigning this permission, according to Transcender, it says to give the permission within "Active Directory Users and Computers" on the Computers object, yet I only get the ability to change the description. I know there is a GPO for adding users to the domain, in the security settings though. (And the fact that by default, any user can add upto 10 computers to the domain)

Any ideas?
· Share on FacebookShare on Twitter

Comments

  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    on the Computers object

    When you create a new computer account in ADUC, the first screen in the wizard (New-->Computer) has a box "The following user or group can join this computer to a domain". Change it from the default Domain Admins to whomever you want.
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    in ADUC, right-click on the domain (mycompany.com or whatever) and choose delegate control, click next, add users/groups, click next, and choose join a computer to the domain.
    · Share on FacebookShare on Twitter
  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dynamik wrote:
    in ADUC, right-click on the domain (mycompany.com or whatever) and choose delegate control, click next, add users/groups, click next, and choose join a computer to the domain.

    Hi dynamik:
    I didn't see "join a computer to the domain" as an option, even under Advanced. Is it only available at the Top Level Domain Policy? I checked under a couple of OU's, but not the domain level. Also, it looks like his reference was specifically talking about the "Computer Object".
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yeah, it's at the domain level. I'm assuming that's because it's more a domain-level task than an OU-level task. He mentioned the 10 computer limit that each user has as well as GPO, so I thought he was referring to a larger scale solution. I didn't see he specifically mentioned working with the computer object, so your answer is probably more appropriate for this situation.

    [edit]
    Oh nice, you even singled that part out in a quote. Sorry man - it was the end of an exhausting day at work :)
    · Share on FacebookShare on Twitter
  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dynamik wrote:
    Yeah, it's at the domain level. I'm assuming that's because it's more a domain-level task than an OU-level task. He mentioned the 10 computer limit that each user has as well as GPO, so I thought he was referring to a larger scale solution. I didn't see he specifically mentioned working with the computer object, so your answer is probably more appropriate for this situation.

    [edit]
    Oh nice, you even singled that part out in a quote. Sorry man - it was the end of an exhausting day at work :)

    Oh wait, I found it in the GPO policy under User Right Assignments - Join Computer to domain. I just couldn't see it in the Delegation Wizard. Thanks! :)
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.