Solved

Adding workstation to domain

Posted on 2011-02-22
6
532 Views
Last Modified: 2012-05-11
I want to give a group right to join a domain, for this purpose, i have added the group in the group policy add workstations to domain , and also add the group through delegation of task, and specify the task add workstations to domain, but whenever i am trying to joing the domain through the user of this  group, i got an error "Access is Denied", please help me to solve this problem.
0
Comment
Question by:sgogan
6 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 34958675
You must make that user Member of the administrators and assign him/her the ability to join workstations to your domain, and remove other rights you do not want them to have.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34958680
Run Delegation Wizard on Computer container and allow them this action there.

Regards,
Krzysztof
0
 
LVL 3

Accepted Solution

by:
Suryanarayan Balakrishnan Iyer earned 500 total points
ID: 34958693
To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

Assign rights using the Default Domain Group policy.
Delegate rights using Active Directory Users and Computers.
Assign rights using the Default Domain Group policy:
1. Open the Default Domain Group policy.
2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.


Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
ID: 34958705
0
 

Author Closing Comment

by:sgogan
ID: 34958921
Thanks dear, It works
0
 

Author Comment

by:sgogan
ID: 35081263
This policy works ok, but one problem, when we join a new pc to domain it works, but we we rejoin the same pc to domain, then error occured "Access Denied", means that if i have joined a pc named abc to domain, whenever due to some reason, i have to rejoin this pc to domain, i can not do it, then the error occured "Access Denied", in that case i have to joined the pc with administrative user,  if i rename that pc to abc1 then the joined to the domain successfully, please help us to solve this problem
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question