Joining computer to the domain and adding computer to specific OU

Microsoft Windows
SQL Server
Hi, all! Usually when you join computer to the domain, the account of this computer is created in Computers container. I have a remote office and OU of this office in AD. That office has a local system administrator. He should be able to join computers in his office to the domain. I've gave him a permission to create computer objects in Computers container. I want his computers to be in his office OU. So I gave him full control permissions on his OU and delete computer objects permission in Computers container. Actually I hoped it would let him move computer accounts from the Computers container to his OU. But he can't because of Access denied error. What have I done wrong? On the other hand I would prefer computer accounts which remote sysadmin creates by joining computer to the domain be created directly in his OU. Is there any way to implement this? Thank you Mykhaylo Khodorev

Answer Wiki

Thanks. We'll let you know when a new response is added.

With scripting tools you just create the computer accounts in the right ou before the installation

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Petroleumman
    Hello, Sounds like your on the right track....Open AD Users and Computers, right-click the OU that you'd like to give this user permissions in. Select Delegate Control to start the wizard. In the first screen add your user, next select create a custom task to delegate, next where it says delegate control of leave the default setting 'This folder, objects in this folder, creation of new objects in this folder' checked. Next set your permissions or simply assign 'full control', click next and finish and your done.Your admin should now be able to create computer objects in his OU. Remember the control goes only as far as the OU to which you assign control over so plan accordingly. Good Luck!
    0 pointsBadges:
  • Ralfeus
    Permissions to OU is not a problem. I just thought it was any way to choose OU where new computer object should be created depending on user who creates that one. But the option to create computer object before joining computer to the domain fits too. Thank you for response.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: