List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: SV: SV: [ActiveDir] Adding Servers to AD

Prev Next

You are not authorized to post a reply.

Author

Messages

henrikpettersson User is Offline

Posts:3

10/25/2007 8:53 AM
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} st1\:*{behavior:url(#default#ieooui) } ” I think what Henrik is asking is how are these users able to logon to a server to do the join? Servers are not normally accessible for logon by all users. While your group might have the ability to create a computer account in AD for a server/workstation, only someone with local admin authority on the server can do the join. I had the same question in my mind when I saw your question originally. Mike Thommes” Japp….that’s correct, that’s what I wondered. The easiest way to do this…in my opinion (if you want a special group to join computers/servers to AD) is to create groups based on WMI-filters. Henrik Pettersson IT-tekniker PREEM PETROLEUM AB (publ) 556072-6977 IT-Drift Tfn nr: +46 (0)8670 30 86 Mobil nr: +46 (0)70 450 19 03 Fax nr: +46 (0)10 450 19 88 E-mail: henrik.pettersson@preem.se Från: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] För Thommes, Michael M. Skickat: den 25 oktober 2007 13:52 Till: ActiveDir@mail.activedir.org Ämne: RE: SV: [ActiveDir] Adding Servers to AD I think what Henrik is asking is how are these users able to logon to a server to do the join? Servers are not normally accessible for logon by all users. While your group might have the ability to create a computer account in AD for a server/workstation, only someone with local admin authority on the server can do the join. I had the same question in my mind when I saw your question originally. Mike Thommes From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012 Sent: Thursday, October 25, 2007 6:43 AM To: ActiveDir@mail.activedir.org Subject: Re: SV: [ActiveDir] Adding Servers to AD Some user have rights to add computer objects to the domain. They are only suppose to be adding their local computers but there is nothing stopping them from adding a server. Say if they install 2k3 server on a laptop or buy a server without the corp office knowing. We have a network with over 100,000 users and about 100 sites so we want to prevent the remote users from doing this. It does not happen often but we dont want to take a chance. ----- Original Message ---- From: Pettersson Henrik To: ActiveDir@mail.activedir.org Sent: Thursday, October 25, 2007 6:33:45 AM Subject: SV: [ActiveDir] Adding Servers to AD This users, why should they have access to servers?? Or do they join computers via any tools?? Henrik Pettersson IT-tekniker PREEM PETROLEUM AB (publ) 556072-6977 IT-Drift Tfn nr: +46 (0)8670 30 86 Mobil nr: +46 (0)70 450 19 03 Fax nr: +46 (0)10 450 19 88 E-mail: henrik.pettersson@preem.se Från: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] För peter.t.johnson@accenture.com Skickat: den 24 oktober 2007 15:13 Till: ActiveDir@mail.activedir.org Ämne: RE: [ActiveDir] Adding Servers to AD I would do this with powershell. Much easier and a concrete reason to learn the new tech. From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012 Sent: 24 October 2007 15:08 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Adding Servers to AD Thats what I am working on now. Does anyone have a sample VBscript to search for server 2003 computers and disable. I will edit to only search some OU's. ----- Original Message ---- From: "peter.t.johnson@accenture.com" To: ActiveDir@mail.activedir.org Sent: Wednesday, October 24, 2007 8:43:04 AM Subject: RE: [ActiveDir] Adding Servers to AD Not as far as I know. At least not with native tools as the system doesnʼt differentiate between Servers and workstations at this level. You might be able to come up with a script that runs on a schedule and confirms that a machine in the OU is a server and then disable its account and wait for the screaming. You would be able to do this with WMI. From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of mck1012 Sent: 24 October 2007 13:03 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Adding Servers to AD Win2k3 AD in native mode. Have delegated control to several users in remote sites to be able to add computer objects to the domain. Is there a way to prevent these users from adding servers to the domain. We want them to only be able to add workstations. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > SV: SV: [ActiveDir] Adding Servers to AD

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads