PDA

View Full Version : delegating ADD computer rights to helpdesk

John
09-29-2006, 08:26 PM
Hi,
Just wanted to get few ideas how some of you manage the addition and
removal of computername in your AD environment.
I am task with coming up with a solution that would allow the desktop group
the ability to ONLY add and remove computers based on a particular OU in AD
.. I was thinking of perhaps delegating "ADD computer to network rights" to
the desktop group however when a computer is added to the domain the
computer account is re-directed to the default computers OU. I know I can
have the desktop group create the computer account in the appropriate OU
then join the computer to the domain. This appears to work but I just wanted
to get some ideas what tools or processes your desktop group currently uses.

TIA
John
Jorge de Almeida Pinto [MVP - DS]
09-30-2006, 04:07 AM
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspx
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John" <John@somewhere.com(Don't Spam)> wrote in message
news:%23OLtp0$4GHA.1012@TK2MSFTNGP05.phx.gbl...
> Hi,
> Just wanted to get few ideas how some of you manage the addition and
> removal of computername in your AD environment.
> I am task with coming up with a solution that would allow the desktop
> group
> the ability to ONLY add and remove computers based on a particular OU in
> AD
> . I was thinking of perhaps delegating "ADD computer to network rights"
> to
> the desktop group however when a computer is added to the domain the
> computer account is re-directed to the default computers OU. I know I can
> have the desktop group create the computer account in the appropriate OU
> then join the computer to the domain. This appears to work but I just
> wanted
> to get some ideas what tools or processes your desktop group currently
> uses.
>
> TIA
> John
>
>