http://support.microsoft.com/default.aspx?scid=kb;en-us;Q251335
From
the article:
"Windows 2000 grants the "Add workstations to
domain" privilege to the Authenticated Users group by default. When this
privilege is enabled, authenticated users can bypass the access control list
(ACL) check for up to a predefined maximum value. To prevent misuse, the maximum
number of machine accounts any authenticated user can join is 10 by
default."
you've
got a couple of options here:
1.
automate the creation of workstation accounts for users ahead of
time
2.
grant the support person/team "Create Computer Objects" and "Delete Computer
Objects" to the Computers container (or OU you are using)
3.
increase the ms-DS-MachineAccountQuota value on the Domain object in question to
a number above 10. Note that this increases the number of computers
all users can create by default. You can do this with
ADSIEDIT, or script it.
Hope
this helps,
Richard
-----Original Message-----
From: Holmes,Raun M [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:23 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Joining computers to a domain?Hello,
I have a support person who is getting a msg: the following error occurred while attempting to join the domain"xxx.xxx.xxx": you computer could not be joined to the domain, you have exceeded the max number of computer accounts you are allowed to created in this domain. contact your admin to have this limit reset or increased.
How can we increase the counter for this user?
Thanks in advanced.
Raun Holmes
