Hi guys, I am creating several computer accounts within AD and i am looking to delegate the right to allow a group of users to join the computer to the domain. After having a look at the Quest AD cmdlets is the parameter -managedby the parameter i require when i use the cmd-let new-qadcomputer to accomplish this?
by Infradeploy at 2013-01-04 01:36:28
Nope. You'd have to change the ACL on the computer object. Delegation of control on an OU would accomplish this, or change it by script through set-acl or dacls (command line) per computer object
by RichardSiddaway at 2013-01-04 06:20:03
Users by default can join 10 machines to the domain
Try creating a computer account in AD users and computers and modify who can join it to the domain. You'll then see the permissions required to perform the join.
The topic ‘delegate join rights to group when creating computer object’ is closed to new replies.