Solved

Adding machines to domains for non-Administrators

Posted on 2006-06-16
10
307 Views
Last Modified: 2010-04-11
Hi,

we are running Server 2003 with AD and are having difficulty trying to set up a policy so that non-Administrators can add machines to the domain.

We have set the following policy on the DC:

Default Domain Policy\Windows Settings\Security Settings\Local Policies/User Rights Assignments\Add work stations to domains.

We have a security group configured for users that require this and have added it to the policy. However, they are still unable to add machines to the domain.

Is there anywhere else taht this should be done?

Any advice greatly appreciated.

Thanks

Lewis Hardwick
0
Comment
Question by:LFMSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 13

Expert Comment

by:marine7275
ID: 16920670
I have never heard of such a thing. I have an understanding that you have to be a domain admin to add machines to the domain.????
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16920841
Agree'd that was my impresion. But I have definately spotted it.

I've uploaded a screen-shot so you can see where I mean.

<a href="http://img514.imageshack.us/my.php?image=adpolicy7ku.jpg" target="_blank"><img src="http://img514.imageshack.us/img514/844/adpolicy7ku.th.jpg" border="0" alt="Free Image Hosting at www.ImageShack.us" /></a>
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16920858
OK, that didn't quite work...
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 1

Author Comment

by:LFMSupport
ID: 16920874
0
 
LVL 32

Expert Comment

by:jhance
ID: 16921395
You need NOT be an administrator to add workstations to the domain.  You need ONLY the "Add Workstation to Domain" user account privilege.  See:

http://www.netswitcher.com/V3/V3FAQ/netswitcher_v3_faq.htm#ADDOMAIN

for details on how to add this right to user accounts on the domain.
0
 
LVL 12

Expert Comment

by:NetAdmin2436
ID: 16923836
Interesting, didn't know you can do that...

Instead of messing with the default domain policy, how about create a new group policy in your domain. Make sure you add the non-admin security group on the security tab of the new group policy  and make sure the group is checked to 'apply group policy'. Then make sure that the new group policy is below the default domain policy in the link order, to ensure the new group policy isn't overridden.

Hope this helps
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16923954
You can delegate the rights to a group.

Just right click on the domain name in Active Directory users and computers.

Select delegate Control.
Select the right of add workstation to domain, and select the group to which this permissions is to be delegated.

That it, after this all users in that group could add workstation to domain.
0
 
LVL 2

Expert Comment

by:Dave Robinson
ID: 16942156
You're applying this to the Default Domain Policy.

Try applying this to the Default Domain Controllers Policy in the Domain Controllers OU.
0
 
LVL 3

Accepted Solution

by:
iwontleaveyou earned 125 total points
ID: 16954648
Dont provide this pilocy on the domain.

Insted Open teh Default domain controller security policy under the Administrative tool on windows 2003 domain controller.

In that add teh security group to the policy User rights assingment--> Add workstation to domain---> Add Your security group Here.

and this will work.

Best Of Luck

Regards
Nitesh
0
 
LVL 1

Author Comment

by:LFMSupport
ID: 16991479
Thanks Nitesh. That nailed it!

Regards

Lewis
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question