Nevermind guys, I'm out on vacation and I was unable to verify that the desktop support staff were pre-creating the computer accounts properly. I got back to my hotel and was able to VPN in and check up on everything and they were not creating the accounts properly. Everything is working as intended.
Thanks, ~Ben -----Original Message----- From: WATSON, BEN Sent: Thursday, December 07, 2006 11:45 AM To: [email protected] Subject: Delegate join computer to domain Hello everyone, Our desktop support group are all a part of a security group called IT. I delegated the Create and Delete Computer ACEs to the security group over the OU that I want them to add computer accounts into when a machine is joined to the domain. After I adjusted the security settings, I reduced the default number of computers an authenticated user can join to the domain down to zero. It seems that the members of the IT security group can pre-create the computer accounts, but when they attempt to go through the join process, they are caught at the check that determines if they have surpassed the number of machines a user can join to the domain (which is now zero). What must I do so this security group is not subject to that check? Thanks, Ben -----Original Message----- From: "Thompson, Elizabeth" <[EMAIL PROTECTED]> To: "[email protected]" <[email protected]> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent: 12/7/06 11:31 AM Subject: RE: [ActiveDir] Please help me Check and see if it still has the "dead" server listed under its the NTDS Settings in AD Sites and Services. Had this happen once to me. I manually deleted the NTDS reference and it was happy. Elizabeth Thompson Service and Support Technician/Exchange Admin Information Technology Services The Community College of Baltimore County ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 07, 2006 10:50 AM To: [email protected] Cc: [email protected]; [EMAIL PROTECTED] Subject: [ActiveDir] Please help me I have a strange problem and can not find any solution I used DCpromo to depromote a computer. It worked ok, the Domain controller was depromoted. But when I use repadmin to show other dc´s replication, it show replications from the domain controler depromoted. I didn´t find anything to explain how to solve that. Where can I find it, to remove it from replication. The machine is a network computer, but replication fails with message: SPO-COSTA\SPO-CENTRO5 <<<-------------- (THIS IS THE DOMAIN CONTROLER THAT IS NOT A DOMAIN CONTROLER ANYMORE) DEL:357e1f2d-65bf-4a6d-8399-ce536b6da174 (deleted DSA) via RPC DC object GUID: ab0540a5-545d-43d6-be25-94a21ba3893f Address: ab0540a5-545d-43d6-be25-94a21ba3893f._msdcs.sabesp.com.br DC invocationID: fc87edcb-ab23-4fd6-8d12-14c79aa926d2 DO_SCHEDULED_SYNCS COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS USNs: 13018091/OU, 13018091/PU Last attempt @ 2006-12-07 07:56:32 failed, result 8524 (0x214c): A operação de agente do sistema de diretórios (DSA) não pode prosseg uir devido a uma falha de pesquisa de DNS. 96 consecutive failure(s). Last success @ 2006-12-01 07:58:08. Adrião Ferreira Ramos Depto. de Operações e Infra-Estrutura - CII.14 [EMAIL PROTECTED] (11) 3388.8193 Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
