cocroftc
asked on
Access is Denied when Re-Adding a Workstation to Domain
We are implementing RIS in our shop so that we may place a new OS image on client workstations.
Have a problem when attempting to join newly imaged PCs to our domain.
Here are some details: Have created a security group and have delegated authority to this group to add computers to domain. This works well if the client node has a unique name. However, if we image a PC and then rename it to its original node name, the machine cannot be re-added to the domain unless done so by a domain admin. Delegated staff can add only if a new node name is provided but cannot add a node name that already exists in Active Directory.
Trying to avoid the hassle of having an admin remove machines from domain before RIS group members can re-add & don't want to give the RIS group a TaskPad.
Have followed all the suggestions in KB article http://support.microsoft.com/kb/251335
All to no avail. Security permissions for the OU that holds workstations as well as the Computers Container in AD show the RIS group as having add and delete computer objects. Can anyone show us the way to allow non-Domain Admins the ability to re-add a node to the domain while keeping the same name as was originally assigned? If re-adding, we get Access is Denied; if unique name, works perfectly.
Running Windows 2003 (SP1) on RIS server and AD domain is still Windows 2000 (SP4)
Thanks
You can delegate control to a certain OU under Active Directory Users and Computers. So then your people could go in and delete the old computer name.
The machine you used to create the image - did you remove it from the domain prior to imaging it?
When you rename the machine, are you using the network identification wizard?
ASKER
Hi opie6373
Your question: the machine you used to create the image-did you remove it from the domain prior to imaging it?
Answer: Don't think so. Our RIS person is out today but her associate was almost sure that they did not remove from domain before creating image.
Your question: when you rename the machine, are you using the network identification wizard?
Answer: Yes, it prompts for username, PW & Domain. It then reports that the node name is already out there and asks if we want to use it. We answer YES. Then we get access is denied unless a Domain Admin does it.
ASKER
Hi opie6373
Your suggestion to remove from domain the XP client prior to imaging was great advice. Solved most of the issue.
Other problem was a conflicting set of permissions for the RIS group.
Finally the info provided by welmore led to finding a document about delegating a specific OU. Adding all these made for a successful conclusion of the issue.
Thanks to all
ok great thanks.