I have a temporary person technician that comes in once in a while to do work for us.I want to assign him with the permission to join computers into our domain and remove the computers from our domain, no other access rights.
I use windows 2008 Domain Controller.
This is what I've done so far...
1 - created a user account for the technician.
2 - On the top domain name in Active Directory i right click and selected Delegation control wizard and Added that user into the delegate control.
3 - From the Delegate common tasks i selected only "Join a computer to the domain"
I have tested the above configuration and came to understand that the user is not able to join computers into the domain,This is where I'm stuck... I want to know what else permissions i needed to assign to this user so that he can only join computers into our domain and Absolutely no other permissions
Waiting for your support.