Re: Right to add computers to a domain

It's ok now. I had granted these rights on the "Computers" container, but
the computer was also member of an OU, so I had to grant the same rights to
the OU.

Thanks for your help, Paul and Florian!

--

Riki

"Riki" <riki@xxxxxxxxxx> wrote in message
news:%23w8i9AOeGHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
I keep getting "Access denied" messages with a normal user account (when
joining from the client pc).
When I use a Domain Admin account, all goes well, so it's not a connection
problem.

I also granted the "Create Computer Objects" and "Delete Computer Objects"
permissions in the Group Policy.

--

Riki

"Paul Adare" <padare@xxxxxxxxxxx> wrote in message
news:MPG.1ed212dcb415f55598a14a@xxxxxxxxxxxxxxxxxxxxxxx
In article <ObU8a#$dGHA.4576@xxxxxxxxxxxxxxxxxxxx>, in the
microsoft.public.windows.server.security news group, Riki
<riki@xxxxxxxxxxxxx> says...

Is it possible to create a user on a domain (Windows 2003 Server) with
the
right to add computers to that domain, but without being member of the
Domain Admins group?

I'm working for a training center for pc technicians, and our students
often
have to install different versions of windows on their system as an
exercise.
After the installation, they should be able to add their computer to our
domain, without the intervention of a domain admin. That's why we want
to
give them the name and password of an account that can do just that.

Is that possible?


In both Windows 2000 and Windows Server 2003, domain users already have
the right to join computers to a domain. Nothing special required to
enable this.

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain





.

Relevant Pages

  • Re: Delegation of groups admin. - restricted to a subset of object
    ... goto the members tab and add something as a member ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... * This posting is provided "AS IS" with no warranties and confers no rights! ... OU's and if in my ou i have delegate only to computers to write memeberof ...
    (microsoft.public.windows.server.active_directory)
  • Re: A C++ Whishlist
    ... computer your member function can't throw an exception. ... members with a NULL pointer on almost all computers out there. ... Mine is already robust; if you want to make yours robust ... Doesn't matter if the standard is changed or not. ...
    (comp.lang.cpp)
  • Windows Update + Active Directory/Group Policy == Pain
    ... Ahoy (sorry for cross-posting to this usenet group too, ... This is just a vanilla Windows 2003 Domain with 3 member computers, 1 DC, ... On all the computers except the domain controller Windows Update/Microsoft ...
    (microsoft.public.windowsupdate)
  • Re: Help needed installing a usb-serial cable
    ... Pro computers to check in members at 3 health clubs. ... The member flashes their ... key/card at the scanner, the scanner reads the member ID, shoots it ...
    (microsoft.public.windowsxp.general)
  • Windows Update + Active Directory/Group Policy == Pain
    ... This is just a vanilla Windows 2003 Domain with 3 member computers, 1 DC, ... (the member server is actually a WS2003 installation ... On all the computers except the domain controller Windows Update/Microsoft ...
    (microsoft.public.windows.server.active_directory)