How can the right of removing computers from a domain can be given to a group of users? I have noticed that local administrator is able to remove computers from the domain, however once the computer is remove AD is not aware of the change so the computer is not removed or any Red X appears either.
I have also notice that if a regular user (domain user) does it the computer does not get removed but a Red X appears on AD for that specific computer. Same happen if the user if domain user is added to the local admin on that particular workstation.
I know a domain user byt default is able to join up to 10 machines to the domain. But would a domain by default a regular user account able to separte a computer account from the domain?
If not how would it be possible to allow the members of a Security Group to be able to remove computers from AD (add them to a workgroup), so when the computer gets removed from that domain the Red X will appear on AD.