Granting user permission to remove machine from domain

Discussion in 'Networking & Security' started by PopeKevinI, Mar 11, 2008.

  1. PopeKevinI

    PopeKevinI 2[H]4U

    We're trying to automate using netdom to join machines to the domain. The only problem we've run into is that the account we created to do this has permissions to add a machine, but cannot remove it. We're having trouble finding where to give it that permission in AD.

    Can someone clue me in here?

    Before someone starts suggesting sysprep, understand that aside from this small issue we've got our image process down to two steps:

    1) Boot from a floppy or USB drive to start Ghost pulling whichever image we need
    2) Return after the image is done and enter the computer name in a DOS window

    Batch files are great. It renames the PC, reboots it, joins it to the domain, reboots, logs into the domain, installs antivirus, resets the local admin password, removes the automatic login, cleans up all the batch files, and shuts down. And all we have to do is type the computer name.
     
  2. LittleMe

    LittleMe 2[H]4U

    Open ADUC, go to View, and select Advanced Features. This will give you the Security tab under the Properties view. Then, bring up the Properties for the OU that holds the computer accounts. Find the account you want to give the permissions to, and click Edit. Then, just look for the "Delete Computer Objects" entry.

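The delegation described in the reply above can also be scripted and then checked from PowerShell. This is an added example, not part of the original thread; it assumes the ActiveDirectory module (RSAT) is installed, and the OU distinguished name and account name are placeholders.

```powershell
# Added example: grant "Create/Delete Computer objects" on one OU to a join account,
# then list who holds those rights. Run as a user allowed to modify the OU's ACL.
Import-Module ActiveDirectory

$ouDn    = 'OU=Workstations,DC=example,DC=com'   # placeholder: OU holding the computer accounts
$account = 'EXAMPLE\svc-domainjoin'              # placeholder: account used by the netdom batch files

# schemaIDGUID of the "computer" object class, so the ACE covers computer objects only
$computerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# Resolve the account name to a SID; this throws if the account does not exist
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
           [System.Security.Principal.SecurityIdentifier])

# CreateChild + DeleteChild scoped to the computer class corresponds to the
# "Create Computer objects" and "Delete Computer objects" entries in ADUC
$rights = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $computerClass,
    # All = this OU and its sub-OUs; use None to limit the ACE to this OU only
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Audit: every ACE on the OU that can create or delete computer objects
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.ObjectType -eq $computerClass -and
                   ($_.ActiveDirectoryRights -band $rights) } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Scoping the ACE to the computer class on a single OU keeps the join account from deleting other object types or computer accounts elsewhere in the directory.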