Account to read AD, join machine to domain, delete computer accounts and move computers to OUs
Posted
by Ben
on Server Fault
See other posts from Server Fault
or by Ben
Published on 2010-05-25T16:47:21Z
Indexed on
2010/05/25
16:51 UTC
Read the original article
Hit count: 331
I want to create an account that will perform the following:
- Join computers to a domain (not restricted to 10, like a normal user)
- Check for computer accounts in AD
- Delete computers from AD
- Move computers between OUs
I don't want to allow it to do anything else, so don't want a domain admin account.
Can anyone guide me in the right direction in terms of permissions? Not sure if I should be using delegation of control wizard?
Cheers,
Ben
© Server Fault or respective owner