I thought that if you pre-created all computer accounts the SIDs for the computer accounts wouldn't match when you went to actually go and join the computer to the domain. Am I mistaken on this? Can you send along some Q Articles that explain what you want Ken to do?
Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 11:04 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Add computer to domain delegation Ken A good way to do this is to pre-create the computer objects in your OU of choice (using ADUC, script, etc.). Once the object has been created, you can then join the computer to the domain. The join process will automatically "find" the computer object in the correct OU. The advantage of this approach is that you can modify the OU ACL so that you have 2 roles: one for creating the computer objects, and one for joining the computers to the domain. Of course both sets of permissions can be assigned to the same group if that's what you want to do. Have a browse through the archives for a thread with a subject of "Join Computers to Domain". It contains a lot of the detail on the permissions required. Tony ---------- Original Message ---------------------------------- From: "Garello, Kenneth" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 1 Oct 2002 10:54:24 -0400 Forgive me if this is a simple question - I have been trying to research this for about a week and cannot get a complete picture. I have a 3 domain forest that was upgraded from a classic style multi-master nt 4.0 domain structure. All my resources exist in the "resource domain" (workstation accounts, and member servers) . The resource domain is the root domain My user accounts exist in one of two account domains, which are subdomains of the root. I have a lab technician who's account obviously exists in one of the domain accounts, but needs to add computers to a particular OU within the resource domains consisting of the computers he is responsible for. (There is a separate GPO for this OU). We use Symantec ghost to update the machines on a frequent basis. Can someone help me to understand the process to do this? I know I have to delegate the "add computers to the domain" Do I have to have him create the computers within the OU using the MMC snap-in? Once the computer exists in the OU, after ghosting he still needs to tell the workstation what domain it belongs to, which requires credentials Thanks for any help (discussion on procedure would be helpful) Ken Ken Garello Worcester State College List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
