Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I wish to allow a user rights to join computers to domains but not give access to all admin

Posted on 2016-09-05
2
Medium Priority
?
63 Views
Last Modified: 2016-09-05
Hi all, i wonder if you could help, as per the title "I wish to allow a user rights to join computers to domains but not give access to all admin" We have a local domain and i would like to be able to allow a trusted user access to join new computers to this domain but don't really want to give them full admin rights or indeed access to admin areas etc.
Is this possible?
many thanks
0
Comment
Question by:Shifnal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 2000 total points
ID: 41784532
You need to delegate the appropriate permissions to the specific user our group.

On your server..
1. Click Start, click Run, type dsa.msc, and then click OK.
2. In the task pane, expand the domain node.
3. Locate and right-click the OU that you want to modify, and then click Delegate Control.
4. In the Delegation of Control Wizard, click Next.
5. Click Add to add a specific user or a specific group to the Selected users and groups list, and then click Next.
6. In the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.
7. Click Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, Create selected objects in this folder and Delete selected objects in this folder.
8. Click Next.
9. In the Permissions list, click to select the following check boxes:
    Reset Password
    Read and write Account Restrictions
    Validated write to DNS host name
    Validated write to service principal name
10. Click Next, and then click Finish.
11. Close the "Active Directory Users and Computers" MMC snap-in

DirkMare
0
 

Author Closing Comment

by:Shifnal
ID: 41784538
Brilliant thanks for that
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question