Differences
This shows you the differences between two versions of the page.
— | windows:ad:delegate_join_user [2019/10/31 09:06] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Delegate user to join computers to AD ====== | ||
+ | Delegate rights using Active Directory Users and Computers: | ||
+ | - Open the **Active Directory Users and Computers** snap-in. | ||
+ | - Right-click the container under which you want the computers added, and press **Delegate Control**. | ||
+ | - Press **Next**. | ||
+ | - Press **Add**. | ||
+ | - After adding all the users and/or groups, press **Next**. | ||
+ | - Select **Create custom task to delegate** and press **Next**. | ||
+ | - Select **Only the following objects in the folder**, check **Computer objects**, check the **Create selected objects in this folder** box, and press **Next**. | ||
+ | - Check the **Create all child object** box and press **Next**. | ||
+ | - Press **Finish**. | ||
+ | |||
+ | |||
+ | |||
+ | - Click **Start**, click **Run**, type **dsa.msc**, | ||
+ | - In the task pane, expand the domain node. | ||
+ | - Locate and right-click the OU that you want to modify, and then click **Delegate Control**. | ||
+ | - In the Delegation of Control Wizard, click **Next**. | ||
+ | - Click Add to add a specific user or a specific group to the **Selected users and groups** list, and then click **Next**. | ||
+ | - In the **Tasks to Delegate** page, click **Create a custom task to delegate**, and then click **Next**. | ||
+ | - Click Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, **Create selected objects in this folder** and **Delete selected objects in this folder**. | ||
+ | - Click **Next**. | ||
+ | - In the **Permissions** list, click to select the following check boxes: | ||
+ | - **Reset Password** | ||
+ | - **Read and write Account Restrictions** | ||
+ | - **Validated write to DNS host name** | ||
+ | - **Validated write to service principal name** | ||
+ | - Click **Next**, and then click **Finish**. | ||
+ | - Close the “Active Directory Users and Computers” MMC snap-in | ||