Raj Pagaku wrote:
> Thanks Jerry for your response. It is case (b). The fqdn of the local
> machine is set to a domain outside the AD domain name and the user
> credentials being used is 'Domain User' and not a 'Domain Admin'.
>
> Do we need 'Domain Admin' if the local machine domain is outside the AD
> domain name? Is this a restriction that will be addressed in the near
> future?

This is an AD restriction on the default security assigned to a computer
object. When a non-admin is given the right to join a specific machine to
the domain, that user is only granted validated write access to the
DnsHostName and servicePrincipalName attributes. A Windows XP box would
fail to join the domain in the same way. This doc explains it:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/control_access_rights.asp

cheers, jerry
=====================================================================
Samba    ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
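
Added example, not part of the original message and not Samba or Microsoft code: a simplified Python model of the validated-write rule for dNSHostName, showing why a delegated 'Domain User' join fails when the machine's FQDN lies outside the AD domain. It assumes the rule as documented for Active Directory (value must be `<computerName>.<domain DNS name or an msDS-AllowedDNSSuffixes value>`); the function names, the `has_full_write` flag and all host and domain names are constructed for illustration.

```python
# Simplified model of the dNSHostName validated-write check (constructed example).

def allowed_dns_suffixes(domain_dns_name, extra_suffixes=()):
    """Suffixes a validated write may use: the domain's own DNS name plus any
    msDS-AllowedDNSSuffixes values configured on the domain object."""
    return {s.lower().rstrip(".") for s in (domain_dns_name, *extra_suffixes)}


def validated_dns_host_name_ok(sam_account_name, proposed,
                               domain_dns_name, extra_suffixes=()):
    """True if `proposed` is <computerName>.<allowed suffix>, where computerName
    is the sAMAccountName without its trailing '$'. Comparison is
    case-insensitive (assumption: plain ASCII host names)."""
    computer = sam_account_name[:-1] if sam_account_name.endswith("$") else sam_account_name
    host, _, suffix = proposed.lower().rstrip(".").partition(".")
    return (host == computer.lower()
            and suffix in allowed_dns_suffixes(domain_dns_name, extra_suffixes))


def can_set_dns_host_name(has_full_write, sam_account_name, proposed,
                          domain_dns_name, extra_suffixes=()):
    """An account with ordinary write access to the attribute (modelled here by
    has_full_write, e.g. a Domain Admin) is not constrained; a delegated joiner
    holding only the validated write must satisfy the format rule."""
    if has_full_write:
        return True
    return validated_dns_host_name_ok(sam_account_name, proposed,
                                      domain_dns_name, extra_suffixes)


if __name__ == "__main__":
    AD_DOMAIN = "ad.example.com"           # constructed AD DNS domain
    MACHINE = "LINUXBOX$"                  # constructed machine account
    cases = [
        ("delegated user, FQDN inside AD domain", False, "linuxbox.ad.example.com", ()),
        ("delegated user, FQDN outside AD domain", False, "linuxbox.corp.example.net", ()),
        ("admin, FQDN outside AD domain", True, "linuxbox.corp.example.net", ()),
        ("delegated user, suffix explicitly allowed", False,
         "linuxbox.corp.example.net", ("corp.example.net",)),
    ]
    for label, full_write, fqdn, extra in cases:
        ok = can_set_dns_host_name(full_write, MACHINE, fqdn, AD_DOMAIN, extra)
        print(f"{label:45s} -> {'allowed' if ok else 'rejected'}")
```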
