We will see in this tutorial how to delegate adding a computer in the domain to your Active Directory user.
Tell me, normally any user making use of an Active Directory domain can add a computer in its own domain. The problem happens when you add your 11th computer. By default, Microsoft has configured a threshold that is blocking you after the 10th addition. When you arrive at the 11th integration, this error message:
The user in question needs some rights to go beyond this limit, including creation and deletion rights on the OU by default ‘Computers’ of your book. We will see later in this tutorial how to configure everything.
Open the console “Active Directory Users and Computers”, click on the OU ‘Computers’ (by default, this is the OU where is created the computer object that you have juste joined to the domain) then click on “Delegate Control…”
Select “Create a custom task to delegate” and then click “Next”.
Select “Only the following objects in the folder” and select the following options:
- Computer objects
- Create selected objects in this folder
Click on “Next”.
In the part “Show these permissions, select the following settings:”
- Creation/deletion of specific child objects
Then in the section “Permissions” select the following parameter:
- Create All Child Objects
Finally click “Next”.
Click on ‘Finish’.
The delegation configuration is now complete, so you can now use the user or one of the users belonging to the group to include computers in the domain and exceed the limit of 10 computers.