Delegation of permissions
Marc Muehlfeld
Marc.Muehlfeld at medizinische-genetik.de
Thu Oct 11 03:43:04 MDT 2012
Am 11.10.2012 11:34, schrieb Lukasz Zalewski:
>> I go on XP to 'network identification' -> 'change' -> click 'Domain' ->
>> enter our Domain 'MUC' -> click 'OK' and in the following window I enter
>> 'administrator' and it's password. So it is joined to the 'computers'
>> container.
> Ah possibly this might be the problem. I'm assuming your delegated domain
> joining user does not have permissions granted on CN=Computers
I followed this guide
http://robiulislam.wordpress.com/2012/02/07/delegate-non-admin-account-to-add-workstations-to-domain/
to grand permissions on CN=computers for the group containing my join-user(s).
I found some other tutorials on the web with the same way.
If I granted on this way, I get
> The computer failed to join the domain "muc". Please contact your
> domain administrator and indicate that the computer failed to
> update the dnsHostName and/or servicePrincipalName (SPN) attribute
> in its Active Directory computer account. Once the problem is
> resolved, you may join the computer to the "muc" domain.
If I grant with any user that is not in this group I get a username/password
error.
> As Domain Administrator (or equivalently privileged user), run
> %SYSTEMROOT%\system32\redircmp <DN path to alternate OU>
>
> Similarly you can redirect default Users container:
> %SYSTEMROOT%\system32\redirusr <DN path to alternate OU>
On my machines with the 2003 administration pack I don't have this two
commands. Maybe it is part of RSAT, what is for W7, right? We currently just
have XP machines.
Regards,
Marc
--
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin
Dr. Klein, Dr. Rost und Kollegen
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
http://www.medizinische-genetik.de
More information about the samba-technical
mailing list