If the account is precreated, any domain user can join the domain. They just don't have the rights to create a computer account. And if the departments already have permissions delegated to them for administering their specific OU's, this shouldn't be a problem.
James Winzenz, MCSE, A+ Associate Systems Administrator Peregrine Systems, Inc. -----Original Message----- From: Alexander Kha Do [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 12:30 PM To: NT 2000 Discussions Subject: RE: Adding computers to an AD OU Remember that when you precreate the accounts you should change the permissions on "who can join the computer account to the domain" to give your specific department groups this permission. BTW, I only know how to do this through the create computer account GUI and have not figured out how to script these permissions. Does anyone know how to do this?? -Alex -----Original Message----- From: James Winzenz [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 5:32 AM To: NT 2000 Discussions Subject: RE: Adding computers to an AD OU If you precreate the computer accounts in the correct OU, then when you have the computer change to the new domain, it will automatically go into the proper OU that the account has been precreated in. James Winzenz, MCSE, A+ Associate Systems Administrator Peregrine Systems, Inc. -----Original Message----- From: David Wentworth [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 5:43 PM To: NT 2000 Discussions Cc: David Wentworth Subject: Adding computers to an AD OU Hello, all! I'm constructing an Active Directory environment where I want to delegate administration to departments of their own OUs. I've run into a problem. With Windows 2000, if you try to change the domain the computer belongs to, you can't (or at least I haven't figured out how to) pick an OU within a domain. You can only select the domain and then the computer ends up in the "Computers" container. So it looks to me like I have to give the dept. LAN admins permission to add computers to the domain or the "Computers" container, and once they've done that they can move the computers from there to their own OU. Is that right? Is there a better way? Your counsel will be most appreciated! Humbly yours, Dave Wentworth ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
