JSI Tip 8144. How can I allow an ordinary user to add a computer to a domain?

An ordinary domain user can join 10 members to the domain.

NOTE: See How do I change the default 10 computer limit that Windows 2000 uses to allow authenticated users to join computers to a domain?

To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

  • Assign rights using the Default Domain Group policy.
  • Delegate rights using Active Directory Users and Computers.

Assign rights using the Default Domain Group policy:

1. Open the Default Domain Group policy.

2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.

Delegate rights using Active Directory Users and Computers:

1. Open the Active Directory Users and Computers snap-in.

2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish