Solved

Adding workstation to domain

Posted on 2011-02-22
6
527 Views
Last Modified: 2012-05-11
I want to give a group right to join a domain, for this purpose, i have added the group in the group policy add workstations to domain , and also add the group through delegation of task, and specify the task add workstations to domain, but whenever i am trying to joing the domain through the user of this  group, i got an error "Access is Denied", please help me to solve this problem.
0
Comment
Question by:sgogan
6 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
Comment Utility
You must make that user Member of the administrators and assign him/her the ability to join workstations to your domain, and remove other rights you do not want them to have.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
Comment Utility
Run Delegation Wizard on Computer container and allow them this action there.

Regards,
Krzysztof
0
 
LVL 3

Accepted Solution

by:
Suryanarayan Balakrishnan Iyer earned 500 total points
Comment Utility
To allow an ordinary user, or group, to add a computer to a domain, you can use either of the following:

Assign rights using the Default Domain Group policy.
Delegate rights using Active Directory Users and Computers.
Assign rights using the Default Domain Group policy:
1. Open the Default Domain Group policy.
2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to Domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply and OK.


Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.

3. Press Next.

4. Press Add.

5. After adding all the users and/or groups, press Next.

6. Select Create custom task to delegate and press Next.

7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.

8. Check the Create all child object box and press Next.

9. Press Finish.

0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 
LVL 3

Expert Comment

by:Suryanarayan Balakrishnan Iyer
Comment Utility
0
 

Author Closing Comment

by:sgogan
Comment Utility
Thanks dear, It works
0
 

Author Comment

by:sgogan
Comment Utility
This policy works ok, but one problem, when we join a new pc to domain it works, but we we rejoin the same pc to domain, then error occured "Access Denied", means that if i have joined a pc named abc to domain, whenever due to some reason, i have to rejoin this pc to domain, i can not do it, then the error occured "Access Denied", in that case i have to joined the pc with administrative user,  if i rename that pc to abc1 then the joined to the domain successfully, please help us to solve this problem
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now