adding computer accounts to AD

JohnC

Authenticated users are allowed to add 10 computer
accounts to the domain by default. Is it possible to allow
a particular user or a group to create a specific number
of computer accounts to the domain (for example 20
accounts instead of 10)?

Thank you.
 
Herb Martin

A lot of people don't even know about the 10 account
rule -- I have never heard of any way to set this but to
turn it off/on, or give the user the right to make unlimited
accounts (delegate OU permissions or "create computer
account" right like the Account Operators have.)
 
Matjaz Ladava [MVP]

Hi Herb. You can change this default value to some value other than 10. You
must set the ms-DS-MachineAccountQuota attribute. You can do this using
ADSIedit, by going into the domain properties and locating the
ms-DS-MachineAccountQuota attribute there. Change it to any value you like.
And the QArticle would be http://support.microsoft.com/?kbid=251335

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
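
The attribute change described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT), which the posters do not mention, reports who has already consumed the quota, and uses the value 20 from the question.

```powershell
# Added example: assumes the ActiveDirectory (RSAT) module and rights to
# read and modify the domain head object.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName

# 1. Read the current domain-wide quota (10 by default, per the thread).
$domainObj = Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota'
$quota     = $domainObj.'ms-DS-MachineAccountQuota'
"Current ms-DS-MachineAccountQuota: $quota"

# 2. Show how much of the quota each user has consumed. AD records the
#    creator in mS-DS-CreatorSID on computer accounts joined under the quota.
Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties 'mS-DS-CreatorSID' |
    Group-Object { [string]$_.'mS-DS-CreatorSID' } |
    ForEach-Object {
        $sidText = $_.Name
        try {
            # Resolve the SID to DOMAIN\user where the account still exists.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $who = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $who = $sidText   # creator was deleted or cannot be resolved
        }
        [pscustomobject]@{
            Creator   = $who
            Computers = $_.Count
            AtQuota   = ($_.Count -ge $quota)
        }
    } |
    Sort-Object Computers -Descending |
    Format-Table -AutoSize

# 3. Change the quota. This is one value for the whole domain, not per user
#    or group. Remove -WhatIf to apply the change.
Set-ADObject -Identity $domainDn -Replace @{ 'ms-DS-MachineAccountQuota' = 20 } -WhatIf
```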
 
Robbie Allen

Hi John,

Besides the machine account quota, the only way to restrict the number of
objects a particular user or group can create is to use the new quota
feature in Windows Server 2003. But that applies to all object types--it
wouldn't be specific to only computers. With Windows 2000, you don't have
many options.

Regards,
Robbie Allen
Author of "Active Directory Cookbook" (O'Reilly and Associates)
http://www.rallenhome.com/
 
