Exchange 2007 - Exchange Management Shell - Exchange Management Console

How to assign Domain Joining rights to a normal user

Posted by under Active Directory

In active directory by default “Account Operators” have domain joining  rights to workstation but if you dont want to add a user in “Account Operator” group then you can assign domain joinging rights to a normal user with following procedure.

1. Click Start, click Run, type dsa.msc, and then click OK.
2. In the task pane, expand the domain node.
3. Locate and right-click the OU that you want to modify, and then click
Delegate Control.
4. In the Delegation of Control Wizard, click Next.
5. Click Add to add a specific user or a specific group to the Selected users
and groups list, and then click Next.
6. In the Tasks to Delegate page, click Create a custom task to delegate,
and then click Next.
7. Click Only the following objects in the folder, and then from the list,
click to select the following check boxes: . Computer objects
. Create selected objects in this folder
. Delete selected objects in this folder

8. Click Next.
9. In the Permissions list, click to select the following check boxes:. Reset
Password
. Validated write to DNS host name
. Read and write Account Restrictions
. Validated write to service principal name

10. Click Next, and then click Finish.
11. Close the “Active Directory Users and Computers” MMC snap-in.