Author Posts

January 1, 2012 at 12:00 am

by dcoz at 2013-01-03 15:05:10

Hi guys,
I am creating several computer accounts within AD and i am looking to delegate the right to allow a group of users to join the computer to the domain.
After having a look at the Quest AD cmdlets is the parameter -managedby the parameter i require when i use the cmd-let new-qadcomputer to accomplish this?

Thanks
Dougie

by Infradeploy at 2013-01-04 01:36:28

Nope. You'd have to change the ACL on the computer object. Delegation of control on an OU would accomplish this, or change it by script through set-acl or dacls (command line) per computer object

by RichardSiddaway at 2013-01-04 06:20:03

Users by default can join 10 machines to the domain

Try creating a computer account in AD users and computers and modify who can join it to the domain. You'll then see the permissions required to perform the join.