> A Microsoft TS told us that AD will automatically add a PC to an OU that you have rights to, but this doesn't seem to be the case.
This is incorrect. Think of it this way, if you have delegated rights to 300 different OU's, which should it pick? It will automatically join a machine account that exists in an OU if you have join permissions to that object but it won't try to figure out what OU you want and then join there even if you only have access to one single OU. Your options are to script with NETDOM or actually script the object creation with LDAP/ADSI or manually precreate the accounts in the right place, set the proper join group (DO NOT USE EVERYONE - SECURITY ISSUE) and then do the join. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, September 19, 2003 4:16 PM To: '[EMAIL PROTECTED]' We have many remote sites and an OU for each remote site. We're delegating our site admins permissions to their site Ous, and creating security group restriction policies to grant them local admin permissions on their user's desktops. The problem we're having is the site admins can't join new PCs to the domain. A Microsoft TS told us that AD will automatically add a PC to an OU that you have rights to, but this doesn't seem to be the case. It appears it's trying to add it to the builtin computers container instead, and the site admins don't have rights to that. How do we solve this? Is there some type of a script that we need to be using to do this? We don't want to use RIS. We want all our remote sites to be able to join computers to their OU at will. Thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
