RIS Server 'Computer Account' limitations (induced by RIS to WinPE boots)

I'm running a Win2003 AD/RIS server that boots PXE enabled systems into a slightly modified  version of WinPE.  I presently have RIS set to autoname the systems PC## where the ## represents an incremental integer.  Once 100 'computer' accounts are reached (PC00 to PC99) in the OU (is that right, computer accounts are it's own OU right?) the RIS/PE instance will fail to generate a unique name of any more RIS booted systems.  Initially I thought this was a character limitation, but after decreasing the amount of chars used for a computer account name, I have been unable to resolve this 100 account limitation problem.  I have poked thru the GPO for this setting and have come up with nothing.

Does anyone know how to increase this undocumented limit so that I can boot an infinite amount of systems from my RIS to WinPE (or at least set an expiration time of the accounts so they GO away)?
LVL 1
jeremiahjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What90Commented:
Hi jeremiahj,

I have a feeling your problem is due to the lack of correct permisions for RIS to create accounts in that OU. I have a nagging feeling that there's a hard coded basic limit for a standard account to create computer objects.
Try delegating permissions to create computer objects to the RIS account and see if that fixes the problem.
0
jeremiahjAuthor Commented:
What90,

Thanks for the tip.  I'll give it a shot in the lab tomorrow and see what happens!

I should have known that was it, as I have run into a similar issue with sysprep...duh!

-JeremiahJ
0
WeHeCommented:
in a w2k3 domain the limit for adding machines to AD by normal users is 10.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

jeremiahjAuthor Commented:
small problem...

which account does RIS use to add computer accounts to the domain?
0
WeHeCommented:
The user who logs on using the Client Installation Wizard (CIW) is the one whose credentials are used to create the machine account, so the rights on the default container that will hold the machine account need to be modified to grant these rights.
0
jeremiahjAuthor Commented:
done...

now i just need 49 more systems to boot of the RIS and ill know if this worked or not!

: )
0
jeremiahjAuthor Commented:
elevating group membership to 'account operator' did not resolve the issue.  anyone else care to take a stab?
0
WeHeCommented:
can you give us the detailed error message?
maybe it will shed some light on this.
0
jeremiahjAuthor Commented:
I'll have to recreate it sometime this week, just takes a while to generate it as I have cleared the computer accounts already.

It fails out of PXE/PE installation with something like...

"Windows was unable to generate a a unique name/account for your system..."

Anyways, I'll make sure I get the rest and post later next week.
0
WeHeCommented:
can you try this?

To make it possible for users to create computer accounts anywhere in the domain:
Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
In the left pane, right-click your domain name, and then click Delegate Control.
In the Delegation of Control Wizard, click Next.
Click Add.
Type the name of the group that requires permission to add computer accounts to the domain, and then click OK.
Click Next.
Click to select the Join a computer to the domain check box, and then click Next.
Click Finish.
0
jeremiahjAuthor Commented:
quick update...

have been out of lab since last post. will try to get in this week and recreate. thanks for the input WeHe...
0
jeremiahjAuthor Commented:
still no luck on this problem.

perhaps i am not delegation permissions to the right group?

can someone be more explicit about the step:

"Type the name of the group that requires permission to add computer accounts to the domain, and then click OK."

Thanks!
0
jeremiahjAuthor Commented:
"I presently have RIS set to autoname the systems PC## where the ## represents an incremental integer..."

Eureka!

The ## was the limitation.  The naming convention I had elected was preventing additional names from being created, anything beyond PC99 is an invalid name, as ## is the char limitation on the integers - duh!

Ghetto solution: Have a batch process delete the computer accounts every so often.

Simple solution: Use the mac address token for PC name.
0
jeremiahjAuthor Commented:
I answered my own question...so how do I cleanly close this?
0
harleyjdCommented:
Hi, Jeramiahj

The proper way to do it is to request a PAQ/Refund in http://www.experts-exchange.com/Community_Support/ 

It is always good policy to ask to have the Q closed properly, even after a CV has come along and made a recommendation, but that said - my recommendation was to PAQ/Refund anyway. I saw you answered it yourself, and you provided enough information for someone with the same problem to work it out.

It would probably be wise for you to ask for a refund oficially, I don't know if the mods make black marks for those people who persistently abandon questions...

0
moduloCommented:
PAQed with points refunded (250)

modulo
Community Support Moderator
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.