Minimum user rights to join domain?

Weare running Windows 2000 Server on our networtk. To make our life easier, we have a bunch of people joining the clients to our domain after being imaged. What are the minimum rights we have to give them, so that the only thing they can do is to join a client to our domain?
ekrischAsked:
Who is Participating?
 
sirbountyCommented:
>>Method 2: Grant the "Create Computer Objects" and "Delete Computer Objects" Access Control Entries (ACEs) to the User
From the Active Directory Users and Computers snap-in, click Advanced Features on the View menu so that the Security tab is exposed when you click Properties.
Right-click the Computers container, and then click Properties.
On the Security tab, click Advanced.
On the Permissions tab, click Authenticated Users, and then click View/Edit.

NOTE: If the Authenticated Users group is not listed, click Add and add it to the list of permission entries.
Make sure the This object and all child objects option is displayed in the Apply onto box.
From the Permissions box, click to select the Allow check box next to the Create Computer Objects and Delete Computer Objects ACEs, and then click OK. <<

ref: http://support.microsoft.com/?kbid=251335
 
This may also come in handy:
http://support.microsoft.com/?id=315273
http://support.microsoft.com/?id=150493 

http://www.winnetmag.com/Article/ArticleID/13524/13524.html
"if you are not a domain administrator the account needs to be added in advance and then you join the domain."
0
 
Yan_westCommented:
Each domain user has the right to join the domain with his username up to a certain number of time.. I think it is 10..

Yes it is :)


An ordinary domain user can join 10 members to the domain
http://www.jsiinc.com/SUBE/tip2200/rh2216.htm
0
 
sirbountyCommented:
I 'think' that's still if they've been added aforehand, is it not?`
0
 
Yan_westCommented:
Yes, they must have been added to the active directory before.. that's for sure.. once they are in, they can make up to 10 computers join the domain.
0
 
jodyridingCommented:
ok here it goes. If you are using AD you can also adjust the GPO and goto the section named
windows settings
security settings
local policies / user rights assignment under that section is a tab called Add workstations to domain.
In there you can select users to be able to be in this tab. we just made all of our engineers be able to do this. That way we wouldn't have to add each user individually

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.