Delegate permission let one user to join pc to a domain

Tutorials Win: Microsoft Windows Forum

Hi all,

I used the delegation wizard to grand permission to one of our pc support
staff to join PC to a domain, but we only can join a new installed OS PC
into domain, if he needs to re-join it, the windows prompts out the Access
is denied, does anyone know how to fix the problem?

Thanks
Top

Re: Delegate permission let one user to join pc to a domain by Anthony

Anthony
Wed Aug 13 00:48:41 PDT 2008

Each computer account is unique, so to re-join the domain they need to be
able to change the existing account of the same name. A simple way to do
that is to give them full control of the Computers OU,
Anthony,
http://www.airdesk.com


<et@et.com> wrote in message news:uiwvS9Q$IHA.1224@TK2MSFTNGP02.phx.gbl...
> Hi all,
>
> I used the delegation wizard to grand permission to one of our pc support
> staff to join PC to a domain, but we only can join a new installed OS PC
> into domain, if he needs to re-join it, the windows prompts out the Access
> is denied, does anyone know how to fix the problem?
>
> Thanks
>
Top

Re: Delegate permission let one user to join pc to a domain by MarekChladek

MarekChladek
Wed Aug 13 01:16:06 PDT 2008

Only little comment for Anthony solution.
For delegation user rights use ( FC for Computer object) on OU where are
Computer account placed ( OU Computers - or customized OU )
For re-join you will probably need remove Computer account from domain, or
Reset Computer Account ( To delete old computer password ).

Marek Chladek [MCSE]

"Anthony [MVP]" wrote:

> Each computer account is unique, so to re-join the domain they need to be
> able to change the existing account of the same name. A simple way to do
> that is to give them full control of the Computers OU,
> Anthony,
> http://www.airdesk.com
>
>
> <et@et.com> wrote in message news:uiwvS9Q$IHA.1224@TK2MSFTNGP02.phx.gbl...
> > Hi all,
> >
> > I used the delegation wizard to grand permission to one of our pc support
> > staff to join PC to a domain, but we only can join a new installed OS PC
> > into domain, if he needs to re-join it, the windows prompts out the Access
> > is denied, does anyone know how to fix the problem?
> >
> > Thanks
> >
>
Top

Re: Delegate permission let one user to join pc to a domain by Meinolf

Meinolf
Wed Aug 13 01:23:17 PDT 2008

Hello et@et.com,

Belongs to the reason that the delegated right to join the computer to the
domain includes not the right to "write computer object".

1. Click Start, click Run, type dsa.msc, and then click OK.
2. In the task pane, expand the domain node.
3. Locate and right-click the OU that you want to modify, and then click
Delegate Control.
4. In the Delegation of Control Wizard, click Next.
5. Click Add to add a specific user or a specific group to the Selected users
and groups list, and then click Next.
6. In the Tasks to Delegate page, click Create a custom task to delegate,
and then click Next.
7. Click Only the following objects in the folder, and then from the list,
click to select the following check boxes: . Computer objects
Top

Re: Delegate permission let one user to join pc to a domain by MarekChladek

MarekChladek
Wed Aug 13 01:26:49 PDT 2008

By the way,if the user is not Domain Admin, you will need to configure this
value.
http://support.microsoft.com/?id=243327

Marek

"Marek Chladek" wrote:

> Only little comment for Anthony solution.
> For delegation user rights use ( FC for Computer object) on OU where are
> Computer account placed ( OU Computers - or customized OU )
> For re-join you will probably need remove Computer account from domain, or
> Reset Computer Account ( To delete old computer password ).
>
> Marek Chladek [MCSE]
>
> "Anthony [MVP]" wrote:
>
> > Each computer account is unique, so to re-join the domain they need to be
> > able to change the existing account of the same name. A simple way to do
> > that is to give them full control of the Computers OU,
> > Anthony,
> > http://www.airdesk.com
> >
> >
> > <et@et.com> wrote in message news:uiwvS9Q$IHA.1224@TK2MSFTNGP02.phx.gbl...
> > > Hi all,
> > >
> > > I used the delegation wizard to grand permission to one of our pc support
> > > staff to join PC to a domain, but we only can join a new installed OS PC
> > > into domain, if he needs to re-join it, the windows prompts out the Access
> > > is denied, does anyone know how to fix the problem?
> > >
> > > Thanks
> > >
> >
Top

Re: Delegate permission let one user to join pc to a domain by Paul

Paul
Wed Aug 13 15:22:53 PDT 2008

To rejoin they need to delete the old account. They are given the creation
permission not the delete permission, so when they go to re-add they are
blocked since the user can't delete the old object.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

<et@et.com> wrote in message news:uiwvS9Q$IHA.1224@TK2MSFTNGP02.phx.gbl...
> Hi all,
>
> I used the delegation wizard to grand permission to one of our pc support
> staff to join PC to a domain, but we only can join a new installed OS PC
> into domain, if he needs to re-join it, the windows prompts out the Access
> is denied, does anyone know how to fix the problem?
>
> Thanks
>


Top

Re: Delegate permission let one user to join pc to a domain by Jorge

Jorge
Mon Aug 18 13:51:33 PDT 2008

also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
<et@et.com> wrote in message news:uiwvS9Q$IHA.1224@TK2MSFTNGP02.phx.gbl...
> Hi all,
>
> I used the delegation wizard to grand permission to one of our pc support
> staff to join PC to a domain, but we only can join a new installed OS PC
> into domain, if he needs to re-join it, the windows prompts out the Access
> is denied, does anyone know how to fix the problem?
>
> Thanks
>

Top