9th November 2024

Allowing a User/Group to Add Computers to the Domain

You can follow the steps below to delegate the authority to add new computers to the domain to users or groups other than those with Domain Admin authority.

Active Directory Users and Computers – dsa.msc

From the Start menu, click “Windows Administrative Tools > Active Directory Users and Computers”, or open Run from the Start menu and type dsa.msc.

Delegate Control

In the console window that opens, we expand the domain node. Then we right-click the OU on which the permission will be delegated and click “Delegate Control”.

Delegation of Control Wizard

When “Delegation of Control Wizard” opens, click the “Next” button to continue.

Users or Groups

In the “Users or Groups” section, we add the users or groups that will be allowed to join computers to the domain. We click the “Add” button, select the specific group or user, and click the “Next” button to continue.

Task to Delegate

In the “Task to Delegate” section, we select the “Create a custom task to delegate” option and click the “Next” button.

Active Directory Object Type

In the “Active Directory Object Type” section, we select the “Only the following objects in the folder:” option and tick the “Computer Objects” check box in the list. Then we check the “Create selected objects in this folder” and “Delete selected objects in this folder” checkboxes below it. We continue by clicking the “Next” button.

Permissions

In the “Permissions” section, we choose which permissions to grant to the user or group. For this, we check the checkboxes below.

Reset Password
Read and write account restrictions
Validated write to DNS host name
Validated write to service principal name
Read and write DNS host name and attributes

Summary

We complete the delegation with the “Next” and “Finish” buttons. Thus, all users included in the DomainJoin group have been given the authority to join computers to the domain.
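
A read-only check of the result of the steps above, as an added PowerShell example that is not part of the original article: it lists every principal holding the computer-object rights selected in the wizard on one OU. The OU distinguished name is a placeholder, and the mapping of the wizard checkboxes to the well-known schema GUIDs in the script is an assumption of this example.

```powershell
# Added example (not from the original article): read-only audit of an OU's ACL
# for the computer-join rights delegated in the wizard steps above.
# Requires the ActiveDirectory module (RSAT), which provides the AD: drive.
Import-Module ActiveDirectory

$OuDn = 'OU=Workstations,DC=example,DC=com'   # placeholder: the delegated OU

# Well-known schema GUIDs for the object class and rights ticked in the wizard
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$RightNames = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    '4c164200-20c0-11d0-a768-00aa006e0529' = 'Account restrictions (read/write)'
    '72e39547-7b18-11d1-adef-00c04fd8d5cd' = 'DNS host name (validated write or attributes)'
    'f3a64788-5306-11d1-a9c5-0000f80367c1' = 'Validated write to service principal name'
}
$ChildMask = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild -bor
             [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild

$report = foreach ($ace in (Get-Acl -Path "AD:\$OuDn").Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $what = $null
    # Create/delete child ACEs carry the computer class GUID in ObjectType
    if ($ace.ObjectType -eq $ComputerClass -and
        ($ace.ActiveDirectoryRights -band $ChildMask) -ne 0) {
        $what = 'Create/Delete computer objects'
    }
    # Per-right ACEs apply to descendant computer objects (InheritedObjectType)
    elseif ($ace.InheritedObjectType -eq $ComputerClass -and
            $RightNames.ContainsKey($ace.ObjectType.ToString())) {
        $what = $RightNames[$ace.ObjectType.ToString()]
    }
    if ($what) {
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Delegated = $what
            Rights    = $ace.ActiveDirectoryRights
            Inherited = $ace.IsInherited
        }
    }
}
$report | Sort-Object Principal, Delegated | Format-Table -AutoSize
```

Rows for any principal other than the group chosen in the wizard show a delegation that was not made by these steps; rows with Inherited set to True come from a parent container rather than from this OU.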
