While domain join errors may not be immediately present when following the KB article only, we recommend you complete the procedure below to ensure optimal operation of AD Bridge.
Powershell join domain specific ou windows#
However, AD Bridge requires additional rights not required natively by Windows systems. Additionally, joining systems directly to a targeted OU ensures that they will receive the appropriate security and configuration setting (for example, GPO) without delay.įor more information about the basic rights required for joining a computer to a specific OU, please see the following knowledgebase article from Microsoft under the section “Users cannot join a computer to a domain”: įollowing the KB article grants the minimum required rights to limit any errors on domain join.
This is the preferred method since scoping the location for an account to create computer objects in the domain is more secure. We recommend designating a specific OU to hold all subordinate AD Bridge joined systems and that delegation is granted over this OU. The following procedure can be performed either at the root of the domain, the Computers OU, or one or more specific OUs. Additional modifications are required to ensure that a computer account can join the domain in all circumstances.
Powershell join domain specific ou how to#
How to Delegate Control in Active Directory Delegate Control to Join AD Bridge Computers to the Domainīecause of the complexities outlined in the Domain Join Process Overview, the basic delegation procedure described in the Delegation of Control Overview is not sufficient.
0 kommentar(er)
