Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Adding workstation to domain

Posted on 2011-02-22
6
Medium Priority
?
535 Views
Last Modified: 2012-05-11
I want to give a group right to join a domain, for this purpose, i have added the group in the group policy add workstations to domain , and also add the group through delegation of task, and specify the task add workstations to domain, but whenever i am trying to joing the domain through the user of this  group, i got an error "Access is Denied", please help me to solve this problem.
0
Comment
Question by:sgogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 34958675
You must make that user Member of the administrators and assign him/her the ability to join workstations to your domain, and remove other rights you do not want them to have.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34958680
Run Delegation Wizard on Computer container and allow them this action there.

Regards,
Krzysztof
0
 
LVL 3

Accepted Solution

by:
Suryanarayan Balakrishnan Iyer earned 2000 total points
ID: 34958693
To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

Assign rights using the Default Domain Group policy.
Delegate rights using Active Directory Users and Computers.
Assign rights using the Default Domain Group policy:
1. Open the Default Domain Group policy.
2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.


Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.

0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
ID: 34958705
0
 

Author Closing Comment

by:sgogan
ID: 34958921
Thanks dear, It works
0
 

Author Comment

by:sgogan
ID: 35081263
This policy works ok, but one problem, when we join a new pc to domain it works, but we we rejoin the same pc to domain, then error occured "Access Denied", means that if i have joined a pc named abc to domain, whenever due to some reason, i have to rejoin this pc to domain, i can not do it, then the error occured "Access Denied", in that case i have to joined the pc with administrative user,  if i rename that pc to abc1 then the joined to the domain successfully, please help us to solve this problem
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question