add servers to domain without being a domain admin? 1

[azcats]

Is it possible to grant a user privileges to add a server to a domain without giving that user domain admin rights? Our R&D group is constantly rebuilding its development and QA servers. I would like to free up the IT department from having to add these servers to the domain every time they are rebuilt.

Thanks.

 

[ningbo]

of course ,you can.

 

[azcats]

Ok, would you please tell me how... Thanks.

 

[SmittyNMCI]

There are two ways to do this. The first and the one I would recommend considering it sounds like you will allow more than one or two people to perform this function is to create a security group say AddComputers. In Add Computers and Users snap-in, right click the domain and select properties, Select security, select advanced, select the group that you just created, select view/edit and check the following:

Read Account Restriction
Write Account Restriction
Reset Password
Validate Write to DNS Host Name
Validate Write to Service Principle Name

These are the minumum ACL's to allow someone to join a server or computer to a domain.

The other way is to individually check these ACL's for each person you want to allow this function. Good luck.

Jeffery Smith (Smitty)
PEC Solutions Inc.
BS - Computer Application & Networking
A+ Network+ MCSA MCSE