Solved

How can the right of removing computers from a domain can be given to a group of users?

Posted on 2009-04-09
2
231 Views
Last Modified: 2012-05-06
How can the right of removing computers from a domain can be given to a group of users? I have noticed that local administrator is able to remove computers from the domain, however once the computer is remove AD is not aware of the change so the computer is not removed or any Red X appears either.

I have also notice that if a regular user (domain user) does it the computer does not get removed but a Red X appears on AD for that specific computer. Same happen if the user if domain user is added to the local admin on that particular workstation.

I know a domain user byt default is able to join up to 10 machines to the domain. But would a domain by default a regular user account able to separte a computer account from the domain?

If not how would it be possible to allow the members of a Security Group to be able to remove computers from AD (add them to a workgroup), so when the computer gets removed from that domain the Red X will appear on AD.

0
Comment
Question by:llarava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24111882
0
 

Author Comment

by:llarava
ID: 24185175
dstewartjr:

I have tried but it didn't work.

How do you disjoin a computer from your domain, in other words what user account does your helpdesk/analyst has on AD.
A regular users can't disjoin a computer from AD. But a local admin user could do it, if that is the case I have notice that the computer account will not be shown as DISABLED.

So far using delegation over the Computer OU does not give the right to the user to disjoin the computer from AD (right click my computer and when going to CHANGE it's grey out.

In order to do that what level of access does your user account has when disjoining the compt accout from the domain?


0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question