[TUTO] – Active Directory: how to delegate adding a computer to the domain to a user


In this tutorial, we will see how to delegate the right to add computers to the domain to an Active Directory user.

Normally, any user of an Active Directory domain can add a computer to that domain. The problem arises when you add your 11th computer. By default, Microsoft has configured a threshold that blocks you after the 10th addition. When you reach the 11th join, you get this error message:

To go beyond this limit, the user in question needs some rights, including creation and deletion rights on the default OU ‘Computers’ of your directory. The rest of this tutorial shows how to configure everything.

Open the “Active Directory Users and Computers” console, click on the OU ‘Computers’ (by default, this is the OU where the computer object you have just joined to the domain is created), then click on “Delegate Control…”.


Click “Next”.


Click on “Add…” to select the user or group to which you want to delegate rights. Then click “Next” to continue.


Select “Create a custom task to delegate” and then click “Next”.


Select “Only the following objects in the folder” and select the following options:

  • Computer objects
  • Create selected objects in this folder

Click on “Next”.


In the “Show these permissions” section, select the following settings:

  • General
  • Creation/deletion of specific child objects

Then, in the “Permissions” section, select the following parameter:

  • Create All Child Objects

Finally click “Next”.


Click on ‘Finish’.


The delegation configuration is now complete. The user, or any user belonging to the group, can now join computers to the domain and exceed the limit of 10 computers.
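Once the wizard has finished, it is worth checking which create/delete rights the delegate actually holds on the container. The following PowerShell is an added example, not part of the original tutorial. The helper name `Get-JoinDelegation`, the group `EXAMPLE\Join-Operators` and the domain `example.com` are hypothetical, and the sample ACEs are constructed so the script runs without a domain.

```powershell
# Added example (not from the tutorial): list the create/delete ACEs one principal
# holds on the join container and show which child class each ACE is limited to.
Add-Type -AssemblyName System.DirectoryServices
$R     = [System.DirectoryServices.ActiveDirectoryRights]
$Inh   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$Rule  = [System.DirectoryServices.ActiveDirectoryAccessRule]
$Allow = [System.Security.AccessControl.AccessControlType]::Allow
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "computer"

function Get-JoinDelegation {   # hypothetical helper name
    param([Parameter(Mandatory)] $Ace, [Parameter(Mandatory)] [string] $Principal)
    $mask  = [int]$R::CreateChild -bor [int]$R::DeleteChild
    $label = {
        param($g)
        if ($g -eq [guid]::Empty) { 'ANY' } elseif ($g -eq $ComputerClass) { 'computer' } else { "$g" }
    }
    foreach ($a in $Ace) {
        # Keep only Allow ACEs for the principal that carry create/delete child rights
        $granted = [int]$a.ActiveDirectoryRights -band $mask
        if ($a.IdentityReference.Value -ne $Principal) { continue }
        if ($a.AccessControlType -ne $Allow -or $granted -eq 0) { continue }
        [pscustomobject]@{
            Rights       = "$($granted -as $R)"
            ChildClass   = & $label $a.ObjectType           # class that may be created/deleted
            InheritedBy  = & $label $a.InheritedObjectType  # class of descendants receiving the ACE
            Inheritance  = $a.InheritanceType
            Inherited    = $a.IsInherited
            ComputerOnly = ($a.ObjectType -eq $ComputerClass)
        }
    }
}

# Constructed sample ACEs for a hypothetical group, so the script runs offline.
$who = [System.Security.Principal.NTAccount]'EXAMPLE\Join-Operators'
$sample = @(
    # Create right limited to computer objects
    $Rule::new($who, $R::CreateChild, $Allow, $ComputerClass, $Inh::All),
    # Create/delete right with no class restriction (broader than intended)
    $Rule::new($who, ('CreateChild, DeleteChild' -as $R), $Allow, [guid]::Empty, $Inh::All)
)
Get-JoinDelegation -Ace $sample -Principal $who.Value | Format-Table -AutoSize

# Live check (assumes the RSAT ActiveDirectory module and a placeholder domain DN):
#   Import-Module ActiveDirectory
#   $acl = Get-Acl 'AD:\CN=Computers,DC=example,DC=com'
#   Get-JoinDelegation -Ace $acl.Access -Principal 'EXAMPLE\Join-Operators'
```

A row with ChildClass `ANY` means that ACE lets the principal create or delete objects of every class where it applies, which is broader than a computer-only delegation.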
