Domain Join Permissions Required For Users in Active Directory
If you work as an IT system administrator, you probably have come across this quite often. I don’t know how many times I have seen people be Domain Administrator without there being a more justified reason than “it was easy”.
Follow the steps described in this blog post to mitigate this issue.
This is quite a simple task to do in Windows Server using Delegation of Control.
Here’s how you do it:
1. Open Active Directory Users & Computers
2. Right click the desired domain and select Delegate Control
3. Press Next on the first screen
4. Press Add
5. Find the desired user
6. Press OK and then press Next
7. Select Join a computer to a domain
8. Press Next and then Finish
You should never delegate more permissions to the user than what is required. Using the Delegation of Control functionality in Active Directory helps with this task.
About the author
Daniel Classon works as a Senior Consultant at Mansoft, focusing on Microsoft Configuration Manager, Windows 10 and Powershell