IT Share NVP -ViettechgroupVN-Phuong Nguyen blog | Share make us stronger Knowledge is Sharing Viettechgroup- Sharing Make Us Stronger-Kiến thức CNTT là sự chia sẻ- NVP-Chia sẻ làm chúng ta mạnh hơ| ITShareNVP Channel | Phương Nguyễn | Phuong Nguyen Blog| Lưu trữ kiến thức chia sẽ kinh nghiệm CNTT | Phương Nguyễn

How to Delegate permission to allow users to join computers to AD-Join Domain

0 2,802


The story of system administration of enterprises is usually medium-sized, medium-sized, enterprise… If our business is small, usually the network administrator does all of it, ie roles and system admin roles, network admin is 1, in general, all in one 🙂 that is the natural story to reduce costs for businesses. However, for a large enterprise SMB to a system of a few thousand users to several hundred thousand users, the IT helpdesk needs and clearly assigns tasks.

Mr. System Admin administers the Domain controller and then can give you Helpdesk or some other unit such as Outsoucing to have the right to join or join computers to the domain. The story sets out that we can’t do it all alone, so we have to allow authorization for some groups or helpdesk users to do this work. Of course, exclude some users who have joined the domain 10 times.


Today Phuong Nguyen will share with you a little trick in Domain controller network administration. To do this, there are 2 ways to do it:

  • Assign rights to the user/group using the Default Domain Group Policy.
  • Delegate rights to users using Active Directory Users and Computers.

Delegate rights to users using Active Directory Users and Computers

To perform delegation go to start-> type the command run Active Directory Users & Computers

Create a group to authorize for example GroupITHelpdesk

Add the users that need to be authorized to join, for example: jsisen, phuong

If you want to authorize any OU, select that OU or you can choose the whole domain 🙂 right-click and select delegation

Chọn Nex->

Select -> Add group just created above and select ok->next.

Select Delegation the following Common tasks-> Join a Computer to the domain

Or choose Create a custom task to delegate, then choose Create computer object and Delete.

Check Finish

So Phuong Nguyen shares how to authorize an account or group that can have the right to join the domain. We can hand over to the IT helpdesk guys to do each join task.

Hehehe If you find it interesting, remember to like and share it for IT guys and if you copy the article, remember to write the source from the article.

Phương Nguyễn Written

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More