Showing results for 
Search instead for 
Did you mean: 

how to configure domain join user permissions

Occasional Visitor

how to configure domain join user permissions

This document says "

Specify a username that has permission to join computers to the Active Directory domain.

Use the “Delegate Control” workflow in Active Directory to assign the following user account permissions to the username or to a group to which the user belongs:

  • Write
  • Write All Properties
  • Change Password
  • Reset Password
  • Validate Write to DNS hostname
  • Read and write DNS host attributes
  • Delete Computer Objects
  • Create Computer Objects

But Active Directory configuration is much more complicated than that. So, delegate to the user, but on what container? The container where the Pulse device computer objects are going to be created? The container where users are located (so that their passwords can be reset)? And which object types are those permissions referring to? "computer objects"? users? ...


Re: how to configure domain join user permissions

the containers where computer objects & users are stored (if they are different)
both computer & user objects