Active Directory User account with add computer to domain Privelage

What si the lowest level member I can create that will have access to join computer to the domain without having too much more of an elevated access?  I want to be able to give a group of users at a remote office the ability to join new users laptops to the company's domain but do not want them to have access to anything outside of that.
Who is Participating?
SandeshdubeyConnect With a Mentor Senior Server EngineerCommented:
You can create group and add users to this group and delegate control to add worksation to domain.

Delegate – non-admin account to add workstations to domain
Twhite0909Author Commented:
We also use DELL QARS , Active Roles Server, for most AD group creations.  I think there was something about Delegation that can accomplish this if anyone is familiar with that?
You can add advanced security permissions on the "Computers" OU.
Properties |Security tab |Advanced |Add |Type the groupname and Check Names |OK
Assign only "Create Computer objects" permissions.
Please note that this does only apply for new computer objects.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.