Hi,
There are two ways to give a user or group permission to add a computer to
the domain:
1) use a Group Policy object to grant the right Add computer user,
2) or, for the organizational unit in which you want to allow them to
create computer objects, grant the user or group the permission to create
computer objects
Assigning rights through Default Domain Group policy
================================================
Open Default Domain Group policy on Domain controller
Double click on Computer Configuration -> Windows Settings-> Local
Policies->User Rights Assignment
Under "User Rights Assignment" double click on "Add workstations to Domain"
policy and include user or group you want to give permission.
Note: This would enable the user or group to add workstations across the
Domain.
Assigning rights through AD users and computers (Delegation)
=======================================================
To perform this procedure, you must be a member of the Account Operators
group, the Domain Admins group, or the Enterprise Admins group in Active
Directory, or you must have been delegated the appropriate authority. As a
security best practice, consider using Run as to perform this procedure.
Click Start, point to Programs, point to Administrative Tools, and then
click Active Directory Users and Computers.
In the console tree, click Computers under the domain node, or click the
container in which you want to add the computer.
Right-click Computers or the container in which you want to add the
computer, point to New, and then click Computer.
Type the computer name.IMPORTANT: The Default Domain Policy settings allow
only members of the Domain Admins group to add a computer account to a
domain. Click Change to specify a different user or group that can add this
computer to the domain.
Hope this would answer your question.
Thanks,
(e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
