GPO and Add Computer to Domain

R

Russ

We're using GPOs to apply security group restrictions to add groups to
the local admin accounts on workstations, but we're having problems
with remote sites adding computers to our AD domain. We have an OU
set up for them, and they're delegated permissions to their OU, but
when they try to join a new PC, they are denied. I'm guessing it is
trying to put it in the default computer container instead of their
OU, which they don't have rights to. How do we fix this (script?)
this so our site admins can join PCs to their OUs remotely?
 
M

Matjaz Ladava [MVP]

Make them prestage computer accounts in their OU prior to joining computers
to the domain. dsadd command line tool has this ability. It is included as
part of Windows Server 2003 adminpak.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPOs and joining computers to domain 1
GPO Computer Setting - Ccan they be applied to Users ? 6
Require Computer object before joining Workstation 3
GPO Processing Order and OUs 15
Unable to prevent OU deletion by Domain Admins? 8
Unable to prevent OU deletion by Domain Admins? 2
Add Computer Objects 1
pc takes time to apply computer settings 1

Top