Follow the steps below to delegate the authority to join newly added computers to the domain to users or groups other than those with “Domain Admin” authority.
Click on the start menu and click “Windows Administrative Tools”. Then click “Active Directory Users and Computers” at the bottom.
Under the domain node that opens, right-click the “OU” on which the authority will be granted and click “Delegate Control”.
When the “Delegation of Control Wizard” page comes up, we continue with the “Next” button.
Click the “Add” button in the “Users or Groups” section and select a specific group or user and continue with the “Next” button.
In the “Task to Delegate” section, we select “Create a custom task to delegate” and continue with the “Next” button.
In the “Active Directory Object Type” section, we select “Only the following objects in the folder”. We select “Computer Objects” from the list. Then we select “Create selected objects in this folder” and “Delete selected objects in this folder”. We continue with the “Next” button.
In the “Permissions” section, we tick the following checkboxes. We continue with the “Next” button.
- Reset Password
- Read and write Account Restrictions
- Validated write to DNS host name
- Validated write to service principal name
- Read and write DNS host name and attributes
Finally, we finish the process with the “Finish” button. Thus, the “omer” user was given the authority to join computers to the domain. If you want, you can give the authorization to a group instead.
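To confirm that the wizard granted only what was ticked above, the OU's access control list can be read back with PowerShell. This is an added example, not part of the original steps; the OU distinguished name and the `EXAMPLE` domain name are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example: list the explicit permissions the delegated account holds on the OU.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

$ouDn    = 'OU=Workstations,DC=example,DC=com'  # placeholder: the OU that was delegated
$trustee = 'EXAMPLE\omer'                       # placeholder domain; user from the steps above

# Build a GUID -> name map from the schema and the Extended-Rights container
# so the object types in each ACE are readable. Later entries overwrite earlier
# ones, so a GUID shared by an attribute and a right shows the right's name.
$rootDse = Get-ADRootDSE
$names   = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $names[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties rightsGuid |
    ForEach-Object { $names[[guid]$_.rightsGuid] = $_.Name }

# Translate a GUID to its name; an empty GUID means the ACE is not type-restricted.
$resolve = {
    param($g)
    if ($g -eq [guid]::Empty)       { '(any)' }
    elseif ($names.ContainsKey($g)) { $names[$g] }
    else                            { $g }
}

# Show only ACEs set directly on this OU for the delegated account.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $trustee -and -not $_.IsInherited } |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType,
        @{ Name = 'Right/Attribute'; Expression = { & $resolve $_.ObjectType } },
        @{ Name = 'AppliesToClass';  Expression = { & $resolve $_.InheritedObjectType } } |
    Format-Table -AutoSize
```

The output should contain only entries tied to computer objects: create and delete of `computer` children, plus the password reset, account restrictions, DNS host name and service principal name permissions on descendant computers. An entry such as `GenericAll`, or one whose class column shows `(any)`, means the delegation is wider than the steps above intended.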