Unfortunately that procedure is not very useful for your production environment where you may have hundreds of computers that are changed (replaced, re-installed, …) over the day. In the screenshot below you can see that a group named "ComputerJoinAdmins", including the onsite support group of our test lab, ill be allowed to join that computer to the domain. When you can see the "New Computer" dialog you are able to also set a group name or user name who is allowed to join that computer to your domain. You can set up the permission to join a computer to a domain via GUI when you create the computer object.
Powershell join domain specific ou install#
In the final step the onsite team can install the computer and join it to your domain. All onsite team admin accounts are member of that group.ģ. In my case we created a group called "ComputerJoinAdmins". Now you go and create all the computer objects and you set up the permission to join a computer to the domain by the onsite teams.
In a first step your onsite services provides a consolidated list of computer names and Ous to store the computers.Ģ.
Computers are then installed and delivered to the user by onsite support teams that work as a local Administrator but have limited access to the Active Directory.Įven though they need to join a newly installed computer to your Directory.ġ. When reading the "Delegate not working" thread on the MS Technet ( ) I remembered companies I worked for in the past usually create new computer objects for the computers they bought.
0 kommentar(er)
