Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 538
  • Last Modified:

Adding workstation to domain

I want to give a group right to join a domain, for this purpose, i have added the group in the group policy add workstations to domain , and also add the group through delegation of task, and specify the task add workstations to domain, but whenever i am trying to joing the domain through the user of this  group, i got an error "Access is Denied", please help me to solve this problem.
0
sgogan
Asked:
sgogan
1 Solution
 
Sikhumbuzo NtsadaCommented:
You must make that user Member of the administrators and assign him/her the ability to join workstations to your domain, and remove other rights you do not want them to have.

0
 
Krzysztof PytkoActive Directory EngineerCommented:
Run Delegation Wizard on Computer container and allow them this action there.

Regards,
Krzysztof
0
 
Suryanarayan Balakrishnan IyerCommented:
To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

Assign rights using the Default Domain Group policy.
Delegate rights using Active Directory Users and Computers.
Assign rights using the Default Domain Group policy:
1. Open the Default Domain Group policy.
2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.


Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
Suryanarayan Balakrishnan IyerCommented:
0
 
sgoganAuthor Commented:
Thanks dear, It works
0
 
sgoganAuthor Commented:
This policy works ok, but one problem, when we join a new pc to domain it works, but we we rejoin the same pc to domain, then error occured "Access Denied", means that if i have joined a pc named abc to domain, whenever due to some reason, i have to rejoin this pc to domain, i can not do it, then the error occured "Access Denied", in that case i have to joined the pc with administrative user,  if i rename that pc to abc1 then the joined to the domain successfully, please help us to solve this problem
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now