HI,
I assigned a user as domain admin. Found it have not permission to approval a computer join domain or exit domain.
could you advice which role for this level?
brgds
Liu Wei
HI,
I assigned a user as domain admin. Found it have not permission to approval a computer join domain or exit domain.
could you advice which role for this level?
brgds
Liu Wei
Hi @liuwei-cesm • Thank you for reaching out.
Any user who is a member of the Managed (Azure AD Domain Services) Domain, can join a computer to the domain (as documented in step 5 under Join the VM to the managed domain). You need to make sure that the account you are using is either synchronized with an on-premises directory or a cloud-only user. You cannot use Guest user account to join the Managed Domain in Azure. Also, make sure the password reset for the user account is done so that the Password Hash is synced from Azure AD to Azure AD Domain Service.
If you are using Local AD (On-premises Active Directory Domain Services), any domain user can join computer to the domain unless you have applied below Group Policy with specific users/groups.
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Expand User Rights Assignment > Add workstations to Domain
If this group policy is configured, only users/groups added to this policy can join the computer to the domain.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
7 people are following this question.