Hi guys, I am creating several computer accounts within AD and i am looking to delegate the right to allow a group of users to join the computer to the domain. After having a look at the Quest AD cmdlets is the parameter -managedby the parameter i require when i use the cmd-let new-qadcomputer to accomplish this?
by Infradeploy at 2013-01-04 01:36:28
Nope. You'd have to change the ACL on the computer object. Delegation of control on an OU would accomplish this, or change it by script through set-acl or dacls (command line) per computer object
by RichardSiddaway at 2013-01-04 06:20:03
Users by default can join 10 machines to the domain
Try creating a computer account in AD users and computers and modify who can join it to the domain. You'll then see the permissions required to perform the join.