GPOs and joining computers to domain

R

Russ

We're using GPOs to apply security group restrictions to add groups to
the local admin accounts on workstations, but we're having problems
with remote sites adding computers to our AD domain. We have an OU
set up for them, and they're delegated permissions to their OU, but
when they try to join a new PC, they are denied. I'm guessing it is
trying to put it in the default computer container instead of their
OU, which they don't have rights to. How do we fix this (script?)
this so our site admins can join PCs to their OUs remotely?
 
C

Curtis Clay III [MSFT]

You can use Netdom.


If /OU is not specified the account is created in the Computers container.

Joining a workstation or member server to a domain
Join mywksta to the devgroup.microsoft.com domain in the Dsys/workstations
organizational unit.

NETDOM JOIN /d:devgroup.microsoft.com
mywksta /OU:OU=Dsys,OU=Workstations,DC=microsoft,DC=com
In addition to adding the computer account to the domain, the workstation is
modified to contain the appropriate shared secret to complete the Join
operation.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegating GPOs 3
GPO Processing Order and OUs 15
GPO and Add Computer to Domain 1
Shared vs. dedicated GPOs 1
Multiple GPOs for Computer and User OUs? 1
Will this work as a first step? 2
Policy loopback causes domain-level policies to reapply 4
Lab Domain Layout - SOS 3

Top