Add Computer Object & Change Group to join domain

I’m looking to add a computer object into Active Directory and specify a different group that can join it to the domain other than “Default: Domain Admins”.

AD version of what I'm trying to do

Your image is not visible to us. You will get help from below link for sure.

https://blogs.technet.microsoft.com/dubaisec/2016/02/01/who-can-add-workstation-to-the-domain/

This is the AD version of what I’m trying to do.

https://www.screencast.com/t/a76IIX4N4U

 

Use the ADAC (Active Directory Administrative Console) and click through what you are trying to do. It will write the PS code for you, that you can later tweak as needed.

Introduction to Active Directory Administrative Center Enhancements (Level 100) https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-

Learning PowerShell with Active Directory Administrative Center (PowerShell History Viewer)
https://sid-500.com/2017/10/10/learning-powershell-with-active-directory-administrative-center-powershell-history-viewer

Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2
https://blogs.technet.microsoft.com/canitpro/2015/03/04/step-by-step-utilizing-powershell-history-viewer-in-windows-server-2012-r2

Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012
https://www.petri.com/use-active-directory-administrative-center-create-powershell-commands

Great tool! Unfortunately, it doesn’t give any Powershell code when changing the user or group to join a domain.

Discussions and answers and a pre-built script to help you regarding your use case.

 

https://stackoverflow.com/questions/29037519/set-following-user-or-group-can-join-to-domain-permissions-on-computer-object
 
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/1f72f4d9-7343-4a7c-a03f-3713cafdd152/delegate-athority-in-a-ou-to-a-sinle-user-to-join-computers-to-domain?forum=winserverpowershell
 
https://www.itprotoday.com/windows-8/powershell-granting-computer-join-permissions

It doesn’t look simple. Here’s a blog about it. http://mgitservice.blogspot.com/2014/08/the-following-user-or-group-can-join.html

I wish there was a “sysinternals process monitor” for active directory, that shows what objects are changing (hmmm… https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer). Or a book on automating active directory with powershell.

As for —

book on automating active directory with powershell.

From the list of ones I have and have used in my library. Some are a bit dated, but still gives you starting and thinking points.

Automating Active Directory with Windows PowerShell 2.0 https://www.amazon.com/Automating-Directory-Administration-Windows-PowerShell/dp/1118027310/ref=sr_1_1?s=books&ie=UTF8&qid=1538603882&sr=1-1&keywords=Automating+Active+Directory+with+Windows+PowerShell+2.0

Inside Active Directory, Second Edition
https://www.amazon.com/Inside-Active-Directory-System-Administrators/dp/0321228480

Active Directory with PowerShell
https://www.amazon.com/Active-Directory-PowerShell-Uma-Yellapragada/dp/1782175997/ref=sr_1_2?ie=UTF8&qid=1538603514&sr=8-2&keywords=powershell+active+directory

Mastering Active Directory: Understand the Core Functionalities of Active Directory Services Using Microsoft Server 2016 and PowerShell
https://www.amazon.com/dp/1787289354/ref=sspa_dk_detail_0?psc=1