?
Solved

Active Directory account permission - add\remove computers from forest

Posted on 2009-05-20
2
Medium Priority
?
1,075 Views
Last Modified: 2013-12-04
Hello -

I have a customer request to create a domain\forest account that has permission to add and remove computers.  Can someone please tell me what rights and\or group memberships this account should be given?

Thanks very much in advance -
0
Comment
Question by:sfrft99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Americom earned 2000 total points
ID: 24432211
Here's the suggestion:
If you need to have helpdesk folks to be able to join/disjoin computers to the domain, you need to do the followings:
1. Create a group, something like HelpdeskAdmins
2. Add all the needed users to this group
3. Create an OU where you want them to be able to move/remove the computer object to this OU after the object is added to the domain.
4. Delgate the permission of this OU where they can add and remove computer object to this OU.
5. You also need to delgate the add/remove computer permission to the default Computer container as by default the computer is added to the Computer container. Unless you pre-create the computer object in the above OU before they join the computer to the domain.

Hope this help but in case you need the steps for delgation:
1. Right-click the OU which you want the computers added, and select Delegate Control.
2. click Next.
3. click Add.
4. After adding all the group, click Next.
5. Select Create custom task to delegate and click Next.
6. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and click Next.
8. Check the Create all child object box and click Next.
9. click Finish.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Successful collaboration among team members is essential for the growth of your business. When employees work together on projects, share ideas and communicate effectively they get better results.
Introduction to Processes
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question