Account to read AD, join machine to domain, delete computer accounts and move computers to OUs
- by Ben
I want to create an account that will perform the following:
Join computers to a domain (not restricted to 10, like a normal user)
Check for computer accounts in AD
Delete computers from AD
Move computers between OUs
I don't want to allow it to do anything else, so don't want a domain admin account.
Can anyone guide me in the right direction in terms of permissions? Not sure if I should be using delegation of control wizard?
Cheers,
Ben