Delegate control to user

[joh]

Hi All,

I have a user account that I would like to be able to add
computers to the domain, but not have admin rights. I have
used the Delegate Control wizard to give the user these
permissions but its not working as I expected. For
example, the user can add computers to the domain, but say
for instance, if there is another computer account in the
directory with the same name, it fails. Using and admin
account works. Also, when I try to add Mac OS X computers
to the domain, it fails. Is there a permission that I
haven't delegated? Also, is there a way to see exactly
what permission has be delegated to a user?

Thanks,

Joh

 

[Chriss3]

Hello Joh,

Click View in AD users and computers, click view advanced features, this
enable a security tab when you click properties for a object. You can see
the security of an object and see what you have delegated. The Delegation Of
Control Wizard is just another simple way of modify the security (ACL) for
an OU or another container.

Have a look at Add workstations to domain policy:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/526.mspx

 

[joh]

Hi Christoffer,

Thanks for the reply. I'm just wondering why this account
can add a new workstations to the domain, but say for
example if a computer breaks and its reimaged, that user
cannot re-add that computer to the domain with the same
NetBios name?? But a domain admin can. Just wondering if
there is a permission I'm not setting or maybe the
delegation is in the wrong location?

Thanks,

joh

 

[Chriss3]

Must say I'm not sure here, Just try delegate full control to computer
objects for the particular user or group.