My desktop guys (and all of IT, actually) are admins on all of the desktops, but not domain admins, so I've delegated an OU for them to put the PCs into. I've written a little script that joins the machine to the domain and makes sure it goes into the correct OU at the same time. It also makes sure that the IT department are local administrators on the box, not just the domain admins.
----------begin batch file---------- set /p wkst=Name of Workstation to be added: set /p name=Your Domain ID: netdom join %wkst% /domain:mycompany /ou:ou=workstations,ou=computers,dc=mycompany,dc=com /ud:%name% /passwordd:* set /p name=Your Domain ID: net use \\dc1\ipc$ /u:%name% net localgroup administrators mycompany\it /add shutdown -r -t 01 ----------end batch file---------- Kurt On Thu, Sep 18, 2008 at 11:39 AM, Joe Heaton <[EMAIL PROTECTED]> wrote: > When you guys build new PCs, do you create the AD object first, or simply > join the domain from the PC afterwards? I've always created the PC, then > joined the domain, but our desktop guy just mentioned that our manager > wanted him to create the AD object first. My first instinct is to say no, > because then you're creating an AD object for something that doesn't exist > yet, but other than that, I didn't have a real reason. Anyone have a better > reason? > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > [EMAIL PROTECTED] > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
