This thread seems confusing to me and doesn't seem to have all of the information.
Questions: 1. You say "added the technician group to the computers OU" When you say that do you mean you added the Technicians group the ACL of the Computers container (i.e. CN=COMPUTERS) or did you create an OU for computers or other? 2. You say "The problem is that when I set these, everything works fine." When you say that do you mean that it sets ok and that is fine or that you set it and test it with the group and the group at that point in time is fine. Robert asked the same question but you glossed over it and didn't answer. 3. You say "To fix the issue temporarily, " Did this tempory fix work? 4. Are the accounts precreated or are the techs simply joining a new machine straight to the domain? 5. How are the techs doing the join? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Wednesday, June 09, 2004 10:37 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] strange thing... Hi all, It's my first post here. I've been referred here and been told that you guys were the "real gurus" of AD. I have a strange thing happening and I would like to have your thoughts about it. Here is the situation, I created a group called "technicians" and I gave the user right "add station to the domain to it. I then added the technician group to the computers OU and set the following: List contents Read all properties Read permissions Create computer objects Delete computer objects The problem is that when I set these, everything works fine. But the next day when a tech (member of the technician group) tries to join a computer to the domain he has an access denied. To fix the issue temporarily, I gave the group the perms (create all childs object and delete all childs object). I tried to remove the inheritance of the perms on this ou but it didn't help. I can't see why this is happening. Thanks Michel Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
