General discussion

Locked

Joining a new computer to a domain rights only

By SysAdminTech ·
Ok here's the seniero I have several technicians rolling out new computers. As we all know during a rollout we need to join the computers to the domain. Unfortunately due to political reasons I cant give the technicain doamin admin rights. Therfore they can't join the computer to the domain without contacting me. Does anyone know how to create a snap-in or a group policy that will allow a user join a computer to a domain without giving them Admin rights In a windows 2000 enviourment.

Thank you in advance

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Collapse -

Install ADS and make domain users

by namitswar In reply to Joining a new computer to ...

Since u want the pc to be connected to the domain and not give them admin rights , u can create domain users and assign them minimum rights.

Collapse -

Account Operator

by NTSysop In reply to Install ADS and make doma ...

Assign them Account Operator permissions.

They can join a Domain but do not have other Domain Admin rights

Collapse -

Domain Policies

by TITSSNI In reply to Joining a new computer to ...

Sysadmin,

In the domain policies there is a policy that specifies those who are allowed to add/join computers to the domain. Add the technicians IDs to the list. They don't need to be domain admins to do so, just need a policy with their IDs. Make sure they have domain user rights.

The Suite

Collapse -

Domain Policy

by SysAdminTech In reply to Domain Policies

I follwed your instructions but the reply states access denied. Im I missing something here?

Collapse -

Does this still apply 3 years later?

by barth.travis In reply to Domain Policies

I can't seem to find the specific policy...

-Doc

Collapse -

Try this

by johnnywatt In reply to Joining a new computer to ...

I have not tested this. However, I remember it being something I saw when studying MCSA Server exam.
Use the AD Users and Computers Snapin. Go to View > Advanced Features. Right click the "Computers" container and view the Security tab. Add the "Group" of users joining the computers to AD or a single "User".
Then test it. This could really, really not work because I have not tested.


Edited NOTE:
I believe it's "Create All Child Objects" for the ACL. FYI.

Collapse -

by SysAdminTech In reply to Try this

Your advice has been completed but still no go.


Thanks

Collapse -

domain right

by ketanshah108 In reply to Joining a new computer to ...

Any persion given admin right to joint is domain accounts in given to joining the domain . this users domain user name & password is tekan & jointes . But why i have checked domain admin rights given (yes & no )

Back to IT Employment Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums