Adding users to a domain

What permission does a user need to be able to add computers to the domain? I wan't to give a regular user the ability to add computers to the domain, seems like they lost the ability to after 10 computers.
Hugo WongAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

theruckCommented:
you could do a prestaged computer accounts so an ordinary user can join hi sPC to the domain or you can grant him the rights by rightclicking on the computers container in ADUAC and selecting Delegate Control
Hugo WongAuthor Commented:
too much work, my assistant adds a lot of computers daily and I can't keep up to prestage it... does he have to be an administrator in order to do this? I really don't want to go down that route.
theruckCommented:
no you just delegate the control of the container to him so he can add items to this container with his regular login
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

theruckCommented:
anyway i do not know how to disable the delegation when you do not need it anymore so try to do a special user account for this purpose so you are not angry with me later :)
BrianIT ManagerCommented:
You will need to delegate the ability to create computer objects on the OU or Domain you want this user to have this permission in AD.  Your best bet is to use the Delegation of Control Wizard through ADUC.  Just right click where you want to have the permission and select Delegate control.


Brian

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Netman66Commented:
Just add that user to the Account Operator Group - this should be all you need to do.

BrianIT ManagerCommented:
Just some info for you on what Account Operators can do since it may be giving them to much control.

>This group is only available on servers acting Domain Controllers. It allows its members to administer user and group accounts >for systems and domains. By default, Account Operators have permission to create, modify, and delete accounts for users, >groups, and computers in all containers and organizational units (OUs) of Active Directory except the Builtin container and the >Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor >do they have permission to modify the accounts for members of those groups.


I'm not a big fan of giving helpdesk level people this permission since it gives the access to the domain controller but if it works then by all means go for it.

Brian

AcknowledgeCommented:
I agree with mkbean, his suggestion (You will need to delegate the ability to create computer objects on the OU or Domain you want this user to have this permission in AD.  Your best bet is to use the Delegation of Control Wizard through ADUC.  Just right click where you want to have the permission and select Delegate control) is the cleanest way.

And yes, every domain user has the ability to add 10 workstations to the domain and not more, just to let you know.  
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.