cancel
Showing results for 
Search instead for 
Did you mean: 

how to configure domain join user permissions

Highlighted
Occasional Visitor

how to configure domain join user permissions

This document https://docs.pulsesecure.net/WebHelp/Content/PCS/PCS_AdminGuide_8.2/Configuring%20Authentication.htm says "

Specify a username that has permission to join computers to the Active Directory domain.

Use the “Delegate Control” workflow in Active Directory to assign the following user account permissions to the username or to a group to which the user belongs:

  • Write
  • Write All Properties
  • Change Password
  • Reset Password
  • Validate Write to DNS hostname
  • Read and write DNS host attributes
  • Delete Computer Objects
  • Create Computer Objects
    "

But Active Directory configuration is much more complicated than that. So, delegate to the user, but on what container? The container where the Pulse device computer objects are going to be created? The container where users are located (so that their passwords can be reset)? And which object types are those permissions referring to? "computer objects"? users? ...

1 REPLY 1
Moderator

Re: how to configure domain join user permissions

the containers where computer objects & users are stored (if they are different)
both computer & user objects