| || |
| || |
Join Date: Sep 2005
I usually dont like to use the Delegation Wizard for many reasons, the same thing can be also done using the Security tab in the Properties of the OU containing the computer accounts. I also do not understand which Properties a user needs to be able to Write to join a computer to a domain, but I do know that atleast some of them are written during the join operation, if I leave out the "Write All Properties", users cannot join the computer to the domain because a subset will work but I dont know which ones. Follow the below for instance:
- First of all, in the Security tab, click Advanced.
- After that click Add.
- Now you need to key the name of the user or group you want to grant the permissions to; click OK
- After that from the Apply onto: box, select Computer Objects
- Now you can add check marks in the Allow column in these rows:
Write All Properties (or select the Properties tab to grant Write to only those that are required)
Validate write to DNS host name
Validate write to service principal name