delegate join rights to group when creating computer object

archives · December 31, 2011, 6:30pm

by dcoz at 2013-01-03 15:05:10

Hi guys,
I am creating several computer accounts within AD and i am looking to delegate the right to allow a group of users to join the computer to the domain.
After having a look at the Quest AD cmdlets is the parameter -managedby the parameter i require when i use the cmd-let new-qadcomputer to accomplish this?

Thanks
Dougie

by Infradeploy at 2013-01-04 01:36:28

Nope. You’d have to change the ACL on the computer object. Delegation of control on an OU would accomplish this, or change it by script through set-acl or dacls (command line) per computer object

by RichardSiddaway at 2013-01-04 06:20:03

Users by default can join 10 machines to the domain

Try creating a computer account in AD users and computers and modify who can join it to the domain. You’ll then see the permissions required to perform the join.

Topic		Replies	Views
Delegate permissions to Active Directory objects PowerShell Help	24	332	September 25, 2019
Add Computer Object & Change Group to join domain PowerShell Help	7	146	October 3, 2018
Security group to computer object? PowerShell Help	4	103	March 16, 2014
Replace / join acl permissions using quest PowerShell Help	1	121	February 18, 2016
Adding computer objects from OU to multiple security groups PowerShell Help	5	186	August 3, 2019

delegate join rights to group when creating computer object

Related Topics