The conversation so far has always used an administrator account within
the Active Directory domain. Can anyone enumerate the minimum account
privileges that will permit joining a machine to a domain (i.e.,
acquiring a working keytab file)? Division of responsibilities/least
privilege policy here suggests that I shouldn't be a windows admin, and
I'd really rather not. Anecdote on this list suggests that "normal"
accounts can join a small number of machines to a domain, but I'll be
creating many more than that.
- Stephen P. Schaefer
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
