Solved

Delegate control so users can add computers to a domain

Posted on 2005-04-22
Last Modified: 2008-01-09
We have a domain named ERL.emhiser.internal. I was wondering if you could give me step-by-step instructions on how to delegate the ability to ERL\Users to add computers to the ERL.emhiser.internal domain. In Active Directory I can see that by right clicking on the ‘Users’ folder you can select Delegate Control and the ‘Delegation of Control Wizard’ comes up. From there I need some info on what to specify for users and groups, the object type, and the permissions.

We need to delegate this control so we can add existing computers to the domain.  An associate of ours had done this previously and it allowed us to add the computers to the domain without using the ADMT for migration.  Bottom line is that we need to migrate these computers to a newly established domain of the same name as the previous.  (The previous DC had a catastrophic failure and the backup also failed!)  We just want to be able to transfer the computers so that we don't have to migrate the user accounts that exist on the computers.  Thanks in advance for the help.
Question by:NewbieAdmin
5 Comments
 
LVL 9

Expert Comment

by:joedoe58
ID: 13854082
It is quite straightforward but you have additional info here http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/dsadmin_domain_delegate_control.htm

I would also like to ask some questions. You say that you have the user accounts still but not the computer accounts, how can that be? Both are stored in AD so if you have one you would have the other. Was this the only DC in the domain? If not then all data is stored on other DC's in your domain so you only need to reinstall OS on the crashed server to be up and running again.
 

Author Comment

by:NewbieAdmin
ID: 13854133
We have two domains.  There was a catastrophic failure  on the only DC in the forest root and had to rebuild from scratch.  So, now we have a new domain with the same name as the old one.  We want to bring all the clients into the domain with their existing user profiles on each individual computer.  An associate was able to bring these computers into the new domain by delegating control somehow.  He is not available at the moment, and we will be recreating the second domain and performing the same procedure.  So, the computers and users exist on the clients not the DC. We have a small network (20-30 workstations) and don't want to use ADMT on the second (child) domain to bring all the users/computers back in because we are worried that there may be bad replication data in the existing AD.

I guess the bottom line is that we will be building a new AD but want to keep the existing clients logging in as before with their same logins, desktops, favorites, documents, profiles, etc.  The clients range in OS from 98 to XP Pro.  

Just to get the big flashing "Idiot" sign off of our forehead, our plan is to correct the flaws in the previous system by maintaining multiple DC's in each of these domains and to test the backups so that we don't run into this problem again.  But for now, we are just trying to get the two domains up and running with minimal impact on the employees.  
 
LVL 9

Expert Comment

by:joedoe58
ID: 13854680
Sorry but I am still a bit at a loss here on what you want to accomplish. Do your users log in to the child domain or root domain? If the user and computer objects exist in the child domain then you should not have so much of a problem since you only have to create the root domain. Otherwise if you create new computer accounts and join the computers to the domain then they will receive default settings which means that all user settings will be lost.
 

Author Comment

by:NewbieAdmin
ID: 13854820
Assume that we only have the one domain and that the only domain controller in that domain failed and the restore process failed.  So we have to bring up that domain from scratch.  All the users at their local computers need to log in to the newly created domain without losing all of the settings that exist on their local computer.  We want them to be able to log in as if nothing has happened to the domain controller.  What we had done previously with the help of someone else, was to transfer those local computers, users and accounts to the Active Directory of the newly created domain (somehow this was done by delegating control to add computers or users).  Thus we did not have to create all new accounts on the client machines and transfer the user settings to new profiles on the client computers.
 
LVL 9

Accepted Solution

by:joedoe58
ID: 13855182
That is impossible since when you join a domain you will get a profile for the domain. The only thing that you can do is delegate who will be able to join a computer to the domain if you want someone else except domain admins or equal to do it.
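
The delegation the accepted answer refers to amounts to granting "Create Computer objects" on a container. The PowerShell below is an added example, not part of the original thread: it grants that right to one group on one OU, then lists every principal holding it and reads the domain's ms-DS-MachineAccountQuota. It assumes the RSAT ActiveDirectory module; the OU and group names are hypothetical, and the domain DN is derived from ERL.emhiser.internal.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module (provides the AD: drive).
Import-Module ActiveDirectory

$TargetOU  = 'OU=Workstations,DC=ERL,DC=emhiser,DC=internal'  # hypothetical OU
$JoinGroup = 'ERL\Workstation-Joiners'                         # hypothetical group
# schemaIDGUID of the "computer" object class
$ComputerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function Grant-ComputerCreate {
    param([string]$OU, [string]$Group)
    # Resolve the group to a SID so the ACE survives a later rename.
    $sid = (New-Object System.Security.Principal.NTAccount($Group)).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $ComputerClass,   # limits CreateChild to computer objects only
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl = Get-Acl -Path "AD:\$OU"
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$OU" -AclObject $acl
}

function Get-ComputerCreators {
    param([string]$Container)
    # Allow ACEs carrying CreateChild for the computer class or for all classes
    # (empty GUID); GenericAll matches too because it includes the CreateChild bit.
    (Get-Acl -Path "AD:\$Container").Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
        ($_.ObjectType -eq $ComputerClass -or $_.ObjectType -eq [Guid]::Empty)
    } | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

function Get-MachineAccountQuota {
    # Number of computers any authenticated user may join without delegation.
    $dn = (Get-ADDomain).DistinguishedName
    (Get-ADObject -Identity $dn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
}

Grant-ComputerCreate -OU $TargetOU -Group $JoinGroup
Get-ComputerCreators -Container $TargetOU | Format-Table -AutoSize
"ms-DS-MachineAccountQuota = $(Get-MachineAccountQuota)"
```

A non-zero quota means ordinary users can already join that many machines each, independent of any OU delegation, so review it alongside the ACL output.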
