Link to home
Start Free TrialLog in
Avatar of cocroftc
cocroftc

asked on

Access is Denied when Re-Adding a Workstation to Domain

We are implementing RIS in our shop so that we may place a new OS image on client workstations.
Have a problem when attempting to join newly imaged PCs to our domain.
Here are some details: Have created a security group and have delegated authority to this group to add computers to domain. This works well if the client node has a unique name. However, if we image a PC and then rename it to its original node name, the machine cannot be re-added to the domain unless done so by a domain admin. Delegated staff can add only if a new node name is provided but cannot not add a node name that already exists in Active Directory..
Trying to avoid the hassle of having an admin remove machines from domain before RIS group members can re-add & don't want to give the RIS group a TaskPad.
Have followed all thee suggestions in KB article http://support.microsoft.com/kb/251335
All to no avail. Security permissions for the OU that holds workstations as well as the Computers Container in AD shows the RIS group as having add and delete computer objects. Can anyone show us the way to allow non Domain Admins the ability to re-add a node to the domain while keeping the same name as was originally assigned? If re-adding we get Access is Denied if unique name, works perfectly.
Running Windows 2003(SP1) on RIS server and AD domain is still Windows2000 (SP4)
Thanks
Avatar of Bird Dog
Bird Dog
Flag of Canada image

you can delegate control to certain ou under the active directory users and computers. So then your people could go in and delete the old computer name.
the machine you used to create the image-did you remove it from the domain prior to imaging it?  

when you rename the machine, are you using the network identification wizard?
Avatar of cocroftc
cocroftc

ASKER

Hi opie6373
Your question: the machine you used to create the image-did you remove it from the domain prior to imaging it?  
Answer: Don't think so. Our RIS person is out today but her associate was almost sure that they did not remove from doamin before creating image.

Your question:when you rename the machine, are you using the network identification wizard?
Answer: Yes, it prompts for username, PW & Domain. It then reports that the node name is already out there and asks if we want to use it. We answer YES. Then we get access is denied unless a Domain Admin does it.
ASKER CERTIFIED SOLUTION
Avatar of David Scott, MCSE
David Scott, MCSE
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi opie6373

You suggestion to remove from domain the XP client prior to imaging was great advice. Solved most of the issue

Other problem was a comflicting set of permissions for the RIS group.

Finally the info provided by welmore: lead to finding a document about delegating a specific OU. Adding all these made for a successful conclusion of the issue.

Thanks to all
ok great thanks.