Set user permission to join the computer to the domain without domain admin rights.

Chetta Busayarat

2 min read
Set user permission to join the computer to the domain without domain admin rights.
Photo by Alexander Andrews / Unsplash

Set delegate right to user can join a computer to the domain controller without admin right.

  1. Open "Active Directory Users and Computers".
  2. Right-click on the container that you want to adda computer to. And and select "Delegate Control".
  1. To continue. Click next.
  1. Click "Add" to select users and groups.
  1. Select a user to delegate.
  1. Click "Next".
  1. Select "Create a custom task to delegate". Click "Next".
  1. Select "Only the following objects in the folder"
    1. Check "Computer object"
    2. Check "Create selected objects in the folder" and click "Next"
  1. Check "Create All Child Objects" and click "Next"
  1. Click "Finish"

Ref: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/default-workstation-numbers-join-domain

Ref: https://learn.microsoft.com/en-us/answers/questions/1683469/granting-network-configuration-access-to-a-domain

Ref: https://community.spiceworks.com/t/minimum-permission-needed-to-join-computer-to-domain/47862/2