Solved

Adding workstation to domain

Posted on 2011-02-22
6
533 Views
Last Modified: 2012-05-11
I want to give a group right to join a domain, for this purpose, i have added the group in the group policy add workstations to domain , and also add the group through delegation of task, and specify the task add workstations to domain, but whenever i am trying to joing the domain through the user of this  group, i got an error "Access is Denied", please help me to solve this problem.
0
Comment
Question by:sgogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 34958675
You must make that user Member of the administrators and assign him/her the ability to join workstations to your domain, and remove other rights you do not want them to have.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34958680
Run Delegation Wizard on Computer container and allow them this action there.

Regards,
Krzysztof
0
 
LVL 3

Accepted Solution

by:
Suryanarayan Balakrishnan Iyer earned 500 total points
ID: 34958693
To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

Assign rights using the Default Domain Group policy.
Delegate rights using Active Directory Users and Computers.
Assign rights using the Default Domain Group policy:
1. Open the Default Domain Group policy.
2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.


Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.

0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
ID: 34958705
0
 

Author Closing Comment

by:sgogan
ID: 34958921
Thanks dear, It works
0
 

Author Comment

by:sgogan
ID: 35081263
This policy works ok, but one problem, when we join a new pc to domain it works, but we we rejoin the same pc to domain, then error occured "Access Denied", means that if i have joined a pc named abc to domain, whenever due to some reason, i have to rejoin this pc to domain, i can not do it, then the error occured "Access Denied", in that case i have to joined the pc with administrative user,  if i rename that pc to abc1 then the joined to the domain successfully, please help us to solve this problem
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question