question on adding a workstation to an existing domain..

[joe]

Question. I want to add a laptop to an existing AD
domain. There is an existing account which has admin
rights (administrator login). I will also need to set the
laptop up so that I have admin rights on it when using my
username (joe). Can someone outline the steps
needed to do all of this please? Does my computer name
need to be set in AD or can I name it anything? I want to
be able to connect to the domain so I can install some
software from a Network drive. Any help would be GREATLY
appreciated!

Thanks!
Joe

 

[Herb Martin]

Question. I want to add a laptop to an existing AD
domain. There is an existing account which has admin
rights (administrator login). I will also need to set the
laptop up so that I have admin rights on it when using my
username (joe). Can someone outline the steps
needed to do all of this please? Does my computer name
need to be set in AD or can I name it anything? I want to
be able to connect to the domain so I can install some
software from a Network drive. Any help would be GREATLY
appreciated!

BTW
Connecting to the domain from your user account on the
domain doesn't not necessary require "logon onto the machine
with a domain account."

net use * \\server\share * /useromainName\UserName

(You may substitute ServerName for DomainName if you have
an account on the server itself instead.)

For you actual question:

Logon to it as the MACHINE Admin, use the system
control panel to join the machine to the domain. If the
computer account doesn't exist yet, you must either have
an Admin etc. create it on the domain OR you must have
domain admin credentials to use (type in) during the
addition from the machine.

After successfully adding the computer, use it's Computer
Manger (etc) to add your Domain account to the local
computer Administrators group etc.

 

[Ace Fekay [MVP]]

In

BTW
Connecting to the domain from your user account on the
domain doesn't not necessary require "logon onto the machine
with a domain account."

net use * \\server\share * /useromainName\UserName

(You may substitute ServerName for DomainName if you have
an account on the server itself instead.)

For you actual question:

Logon to it as the MACHINE Admin, use the system
control panel to join the machine to the domain. If the
computer account doesn't exist yet, you must either have
an Admin etc. create it on the domain OR you must have
domain admin credentials to use (type in) during the
addition from the machine.

After successfully adding the computer, use it's Computer
Manger (etc) to add your Domain account to the local
computer Administrators group etc.

Just to add, by default a user account can join a machine to a domain (if
the computer acct was pre-created by an admin) up to 20 times, which this
default setting can be altered with ADSIEdit.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Cary Shultz [A.D. MVP]]

Ace,

Was that setting changed? I *thought* that it was 10? Oh well, looks like
I missed that memo! ;-)

Cary

"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Ace,

Was that setting changed? I *thought* that it was 10? Oh well,
looks like I missed that memo! ;-)

Cary

It was an ivisible memo...

Darn, could have sworn it was 20. So you got me curious and had to remote
into my DC to verify it! LOL Yep! 10. Should have checked first.... I
think 20 stuck to mind with a post one day last year where that poster
wanted to change it to 20, or something like that!

(FYI for the poster, this can be found by going into ADSI Edit, under the
Domain NC, rt-click your domain name properties, the 'Optional' attribute to
look for is called Ms-DS-MachineAccountQuota.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Herb Martin]

"Ace Fekay [MVP]"

Just to add, by default a user account can join a machine to a domain (if
the computer acct was pre-created by an admin) up to 20 times, which this
default setting can be altered with ADSIEdit.

Curious: Is that a rule about the "user can create computer accounts"
feature? Only if the Admin created the user? (As opposed to Account
Operator etc.?)

BTW: I thought it was 10 (not 20) but that isn't a big deal either way.

 

[phillip pino]

The default is 10. I was just dealing with this a week ago.

*Ace,

Was that setting changed? I *thought* that it was 10? Oh well
looks like
I missed that memo! ;-)

Cary

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&[email protected]> wrot
in
message news:[email protected]...

-
phillip pin

 

[Ace Fekay [MVP]]

In

"Ace Fekay [MVP]"


Curious: Is that a rule about the "user can create computer accounts"
feature? Only if the Admin created the user? (As opposed to Account
Operator etc.?)

BTW: I thought it was 10 (not 20) but that isn't a big deal either
way.

yeah yeah, it's 10. The admin has to create the computer account in AD
first...
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

The default is 10. I was just dealing with this a week ago.

Ok.... I should have checked first before I posted it and getting ribbed
about it...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Herb Martin]

Curious: Is that a rule about the "user can create computer accounts"

yeah yeah, it's 10. The admin has to create the computer account in AD
first...

I don't care about the 10 (20 whatever) -- of course the count has to
be created, but I thought you were implying that it ONLY worked if
an Admin (specifically) not someone else created the account.

I now believe that was just an accident of your wording and could
have been, "If the user has an account" (irrelevant of how it was
created.)

 

[Cary Shultz [A.D. MVP]]

Ace,

No worries from me. I am the last person to be ribbing you!

Cary

"Ace Fekay [MVP]"

 

[Cary Shultz [A.D. MVP]]

Dang!

Wanted to add a bit more to the previous post!

I sometimes try to give short answers ( I do tend to be a bit verbose ) and
find that this is a bad idea for me. I will leave out a word or two that
should have been included which changes the meaning of the answer. Case in
point: the question about NetBIOS sometime in the last seven days. I
answered that NetBIOS is stopped at the router. We all know that this is
not completely accurate. We know that it is the NetBIOS *broadcast* that is
*typically* stopped at the router. That would have been a much better
response. My first response was something like authoritative: It is STOPPED
at the router! There are no two ways about it! Period! Well, not
completely true!

As Herb said, it is not really that big a deal.

Cary

"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Dang!

Wanted to add a bit more to the previous post!

I sometimes try to give short answers ( I do tend to be a bit
verbose ) and find that this is a bad idea for me. I will leave out
a word or two that should have been included which changes the
meaning of the answer. Case in point: the question about NetBIOS
sometime in the last seven days. I answered that NetBIOS is stopped
at the router. We all know that this is not completely accurate. We
know that it is the NetBIOS *broadcast* that is *typically* stopped
at the router. That would have been a much better response. My
first response was something like authoritative: It is STOPPED at the
router! There are no two ways about it! Period! Well, not
completely true!

As Herb said, it is not really that big a deal.

Cary

I know, I do the same thing. I meant to put a LOL at the end of my other
post! I hope you didn't think I was serious....




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

I don't care about the 10 (20 whatever) -- of course the count has to
be created, but I thought you were implying that it ONLY worked if
an Admin (specifically) not someone else created the account.

I now believe that was just an accident of your wording and could
have been, "If the user has an account" (irrelevant of how it was
created.)

I mis-worded it. You got it!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Cary Shultz [A.D. MVP]]

Nope,

As the younger people say these days, Ace - it's all good! ;-)

Cary

"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Nope,

As the younger people say these days, Ace - it's all good! ;-)

Cary

It's al good!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory