Creating a domain account only used to join computers to a domain

[kyosang]

Sponsored Links

I want to create an account which is only going to be used when an admin wants to join a pc to the domain. All admins have their own account with us, that is part of the domain admins group. I want to remove the domain admin power from them while still letting them add computers to the domain. Can anyone tell me how to accomplish this? Thanks.

[Dr.pter]

Check the article on "Default limit to number of workstations a user can join to the domain" from here - http://support.microsoft.com/kb/243327/en-us

[Bon-Z]

I havent tried it so far but I think it will work for you. You need to create a user account in AD and delegate it control to the Computers OU. After that use the 'netdom join' command to join the computer to the domain. Check the below article for instance:
http://technet2.microsoft.com/Window....mspx?mfr=true

[kyosang]

Thanks for responding. I have planned on turning the default 10 computers any user can joing down to 0 and force them to use the credentials of another account that can only join computers to the domain. Do I need to learn how to use Netdom to join computers, really?

[newtech]

You can also check out OUrganizeIT, it will do the things that you are looking for, but will give you some ideas on organizing computer objects in AD like - join, move, update description, link with user object, etc. Also, you do not need to ask admins or users to join or organize computer objects in AD.