Granting permission to re-add a computer account

K

kj2n

I am trying to grant access to our help desk to have the
ability to add computers to our domain. I have done the
following:

Delegated Authority at the domain level to the following:
- Create Computer objects
- Delete Computer objects

They can add new computers to the domain, but can not
remove and then re-add a computer to the domain. Could
this have something to do with resetting the computer
account within AD and not having the appropriate
permissions for that task? What security settings do I
need to allow?

Thanks.
 
J

Joe Richards [MVP]

I wouldn't recommend deleting and recreating the account. I would instead
recommend resetting the account and having the machine rejoin, this can be
done by simply delegating reset password on the computer objects (more
specifically on the OU with the ace inherited to computer objects).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

delegating ADD computer rights to helpdesk 1
adding computers to a domain 1
AD permission for admins 3
Unable to log on with a domain account 3
win 2000 / 2003 ad problem 1
Add Computer Objects 1
Adding Computer To AD 1
permissions to add computer account to domain 1

Top