Delegation of joining PC's to domain

[jmajorz24]

If someone could point me in the right direction on how to accomplish the following goal I would greatly appreciate it. I am wanting to delegate the right to add/delete computer objects in the default computer container in Active Directory. This group of users should only be able to add/remove PC's to and from the domain and no other rights. How can I do this? Any help is greatly appreciated. I know that regular users can add 10 workstations to the domain by default so please refrain from that being your answer

Thanks

 

[2hr]

You can delegate control to do this.

First you'll have to have (make) a group in the active directory users & computers (perhaps you'll even want to make an OU in which this group resides so you can apply policies).

Then rightclick the OU computers and select delegate control. This will start a wizard in wich you can select the group you want to delegate control to, and just what kind of control: full -normally for enterprise admins-, read or write only for computer objects for instance

If you want a more detailed control over what rights you are delegating, you can right-click the OU computers and select properties, go to the tab security and click on advanced.