Delegation of permissions
Lukasz Zalewski
lukas at eecs.qmul.ac.uk
Thu Oct 11 03:34:24 MDT 2012
Hi Marc
On 11/10/12 10:12, Marc Muehlfeld wrote:
> Matthieu is currently thinking about a modification problem, too. He is
> looking at my bug report at the moment and I provided him some outputs
> https://bugzilla.samba.org/show_bug.cgi?id=9267
This is great news :)
>
>> How are you joining the machines to the domain? - are you explicitly
>> defining
>> the OU they should go to?
>
> I go on XP to 'network identification' -> 'change' -> click 'Domain' ->
> enter our Domain 'MUC' -> click 'OK' and in the following window I enter
> 'administrator' and its password. So it is joined to the 'computers'
> container.
Ah possibly this might be the problem. I'm assuming your delegated
domain joining user does not have permissions granted on CN=Computers.
>
> I'm new to the whole AD thing. During the last 10 years I just
> administrated an s3 domain with XP clients and haven't found out yet that
> I can directly join to OUs. :-)
You can try the following:
If you have a machine already on the domain with RSAT installed (it
might work without RSAT as long as the relevant binaries are present)
you can re-direct the default Computers container:
As Domain Administrator (or equivalently privileged user), run
%SYSTEMROOT%\system32\redircmp <DN path to alternate OU>
Similarly you can redirect default Users container:
%SYSTEMROOT%\system32\redirusr <DN path to alternate OU>
Although I have not used the user one - most of our users are imported
through scripts or added directly through ADUC.
More info:
http://support.microsoft.com/kb/324949
*Note*
redircmp will make the new OU container a default container and every
machine that will be joined to the domain (without explicitly defining
different OU) will end up there.
L
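
Added example (not part of the original message, and not Samba or Microsoft code): redircmp and redirusr work by rewriting the wellKnownObjects attribute on the domain head object, so reading that attribute back shows where unqualified joins will land and which OU a delegated join account needs rights on. The domain DN and attribute values below are constructed samples; function names are hypothetical.

```python
import re

# Well-known GUIDs Active Directory uses to mark the default containers.
WELL_KNOWN = {
    "AA312825768811D1ADED00C04FD8D5EF": "computers",
    "A9D1CA15768811D1ADED00C04FD8D5EF": "users",
}

# wellKnownObjects uses DN-Binary syntax: B:<hex char count>:<hex GUID>:<DN>
DN_BINARY = re.compile(r"^B:(\d+):([0-9A-Fa-f]+):(.+)$")


def default_containers(values):
    """Map 'computers'/'users' to the DN named in wellKnownObjects values."""
    found = {}
    for value in values:
        m = DN_BINARY.match(value.strip())
        if not m:
            continue  # not a DN-Binary value, ignore
        length, guid, dn = int(m.group(1)), m.group(2).upper(), m.group(3)
        if length != len(guid):
            raise ValueError(f"length field does not match GUID: {value!r}")
        if guid in WELL_KNOWN:
            found[WELL_KNOWN[guid]] = dn
    return found


def check_redirect(values, domain_dn):
    """Return {kind: (dn, redirected)} compared with the stock CN= containers."""
    result = {}
    for kind, dn in default_containers(values).items():
        stock = f"CN={kind.capitalize()},{domain_dn}"
        result[kind] = (dn, dn.lower() != stock.lower())
    return result


# Constructed sample: computers redirected to an OU, users left at the default.
DOMAIN_DN = "DC=example,DC=com"
SAMPLE = [
    "B:32:AA312825768811D1ADED00C04FD8D5EF:OU=Workstations,DC=example,DC=com",
    "B:32:A9D1CA15768811D1ADED00C04FD8D5EF:CN=Users,DC=example,DC=com",
    "B:32:AB1D30F3768811D1ADED00C04FD8D5EF:CN=System,DC=example,DC=com",
]

if __name__ == "__main__":
    for kind, (dn, moved) in check_redirect(SAMPLE, DOMAIN_DN).items():
        print(f"{kind}: {dn} ({'redirected' if moved else 'stock container'})")
```
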