<sniff> that would make a great blog subject. :)
Why do you say that they're caught in the check? You never delegated the
right for the domain did you? (that can be done via GPO by the way).
If you only delegated the right at the OU then that's where they need to add
the computer account, but using the computer properties | add to domain
routine will try to add to the cn=computers (or whatever you've set it to)
and fail because of that.
Consider an alternate process such as using netdom if you need to automate
or using the pre-create method if not. Heck, you *could* even write
something like I'll post on the blog entry when I get a chance and use that
if you want.
Al
On 12/7/06, WATSON, BEN <[EMAIL PROTECTED]> wrote:
Hello everyone,
Our desktop support group are all a part of a security group called IT. I
delegated the Create and Delete Computer ACEs to the security group over the
OU that I want them to add computer accounts into when a machine is joined
to the domain.
After I adjusted the security settings, I reduced the default number of
computers an authenticated user can join to the domain down to zero.
It seems that the members of the IT security group can pre-create the
computer accounts, but when they attempt to go through the join process,
they are caught at the check that determines if they have surpassed the
number of machines a user can join to the domain (which is now zero).
What must I do so this security group is not subject to that check?
Thanks,
Ben
-----Original Message-----
From: "Thompson, Elizabeth" <[EMAIL PROTECTED]>
To: "ActiveDir@mail.activedir.org" <ActiveDir@mail.activedir.org>
Cc: "[EMAIL PROTECTED]" <
[EMAIL PROTECTED]>
Sent: 12/7/06 11:31 AM
Subject: RE: [ActiveDir] Please help me
Check and see if it still has the "dead" server listed under its the NTDS
Settings in AD Sites and Services. Had this happen once to me. I manually
deleted the NTDS reference and it was happy.
Elizabeth Thompson
Service and Support Technician/Exchange Admin
Information Technology Services
The Community College of Baltimore County
________________________________
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, December 07, 2006 10:50 AM
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
Subject: [ActiveDir] Please help me
I have a strange problem and can not find any solution
I used DCpromo to depromote a computer. It worked ok, the Domain
controller was depromoted. But when I use repadmin to show other dc´s
replication, it show replications from the domain controler depromoted. I
didn´t find anything to explain how to solve that.
Where can I find it, to remove it from replication. The machine is
a network computer, but replication fails with message:
SPO-COSTA\SPO-CENTRO5 <<<-------------- (THIS IS THE DOMAIN
CONTROLER THAT IS NOT A DOMAIN CONTROLER ANYMORE)
DEL:357e1f2d-65bf-4a6d-8399-ce536b6da174 (deleted DSA) via RPC
DC object GUID: ab0540a5-545d-43d6-be25-94a21ba3893f
Address: ab0540a5-545d-43d6-be25-94a21ba3893f._msdcs.sabesp.com.br
DC invocationID: fc87edcb-ab23-4fd6-8d12-14c79aa926d2
DO_SCHEDULED_SYNCS COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
USNs: 13018091/OU, 13018091/PU
Last attempt @ 2006-12-07 07:56:32 failed, result 8524 (0x214c):
A operação de agente do sistema de diretórios (DSA) não pode
prosseg
uir devido a uma falha de pesquisa de DNS.
96 consecutive failure(s).
Last success @ 2006-12-01 07:58:08.
Adrião Ferreira Ramos
Depto. de Operações e Infra-Estrutura - CII.14
[EMAIL PROTECTED]
(11) 3388.8193
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não pode usar, copiar ou divulgar as informações nela contidas ou tomar
qualquer ação baseada nessas informações. Se você recebeu esta mensagem por
engano, por favor avise imediatamente o remetente, respondendo o e-mail e em
seguida apague-o. Agradecemos sua cooperação.
This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose or take any action based on this message or
any information herein. If you have received this message in error, please
advise the sender immediately by reply e-mail and delete this message. Thank
you for your cooperation.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
