Re: Still having permission problems
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/29/05
- Previous message: peter.marshall_at_caris.com: "Re: Add PC to domain Problem"
- In reply to: peter.marshall_at_caris.com: "Still having permission problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Nov 2005 13:04:32 -0600
The only place that add workstations to the domain user right works is in
Domain Controller Security Policy where you should configure any user right
for the domain controllers. It is also possible that changes that you made
to Domain Controller Security Policy have not propagated yet or the user
that you are trying has not had his user security token refreshed to show
that user right. You can use the support tool command whoami /priv to show
the user rights in a security token. Note however that for regular users
this user right allows them to add only ten workstations to the domain
though that can be changed per info in the KB article below or give that
group create computer objects permission to the computer container in AD. I
would also recommend that you run the support tools netdiag, dcdiag, and
gpotool on your domain controllers to make sure that your domain is running
well and AD is replicating like it should. --- Steve
http://support.microsoft.com/?kbid=251335
<peter.marshall@caris.com> wrote in message
news:1133274809.348324.63770@g14g2000cwa.googlegroups.com...
>I was the poster of "Add PC to domain Problem". I am still stuck on
> this ... sort of.
>
> I made a group called "technical support". I put two users in there.
> Both were regular users with no special privledges. One user could add
> pc's to the domain, the other could not. I made a new user, added them
> to the group. They could not add pc's either.
>
> So now I am really confused. I have two users that should be able to
> add pc's, and one user who can, but I have no idea why.
>
> Does anyone have any idea how to troubleshoot this, or fix it ?
>
> The current configuration is that I added the group to the "add pc's to
> the domain" option under "Default Domain Controller Policy". I have
> also tried to do this under "Default domain policy" (although I do not
> know the difference between the two), as well as giving the user the
> appropriate permissions to the "Computers OU" in Active Directory.
>
> Thank you for any help that you can give.
>
> Peter
>
- Previous message: peter.marshall_at_caris.com: "Re: Add PC to domain Problem"
- In reply to: peter.marshall_at_caris.com: "Still having permission problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
