[Samba] [samba] AD, add computers delegation
mathias dufresne
infractory at gmail.com
Fri Sep 2 16:31:17 UTC 2016
Hi Mark,
Very nice piece of doc. I don't read enough Samba's wiki : )
So I did exactly the same as Samba Wiki's doc except for the two next
options that I didn't checked:
"Read and write DNS host name attributes"
"Write servicePrincipalName"
Regarding SPN writing during join no SPN should be created (I can't figure
a case where joining a computer which is not DC would need such attribute)
and for "Read and write DNS host name attributes" perhaps it come
implicitly with "Validated write to DNS host name". I expect the DNS entry
to be created but I'm not at work now to verify... I'll try to remember to
come back to tell if the DNS entry was created.
Have a nice week-end :)
2016-09-02 18:02 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
> Hello Mathias,
>
> Am 02.09.2016 um 15:35 schrieb mathias dufresne via samba:
> > Following that link https://support.microsoft.com/en-us/kb/932455 we
> > created a delegation to permit some group to add computers into AD.
> > That works except if some computer with same name was already added (even
> > if this computer with same name was previously cleanly removed from AD).
> >
> > Anyone who has idea what we missed?
>
> This is how I successfully delegated the permissions in the past:
> https://wiki.samba.org/index.php/Delegation/Joining_Machines_to_a_Domain
>
>
> Regards,
> Marc
>
More information about the samba
mailing list