0 votes

I'm trying to get the function to let a normal user join a computer to the domain by using the Create Computer command in Adaxes. The task I want to fulful is to let a helpdesk user create a computer in AD and set the option "User or group that can join the computer to domain.." to a normal user to let that user join his/hers computer to the domain using the name specified by helpdesk.
The problem is that the helpdesk user can successfully add the computer object and assign the end user that will join it, but when the end user tries to join the domain windows gives the error:
"The join operation was not successful.. .access is denied."

Anyone that knows what I'm missing?

by (260 points)
0

Hello Niclas,

Can you answer the following questions to troubleshoot the issue:

  1. What version of Adaxes are you using?
  2. What operating system is running on the computer where Adaxes is installed?
  3. What is the functional level of your AD domain? For information on how to get it, see below.
  4. Does this happen with every computer created by the helpdesk or only with some of them?
  5. Have there ever existed a computer with the same name in your domain before? Maybe, you are reusing standard names for your computers?

How get the functional level of your AD domain:

  1. Right-click your domain in the Administration Console and select Properties.
  2. The functional level will be displayed on the General tab.
0

Hello,

See answers below.

Can you answer the following questions to troubleshoot the issue:

  1. What version of Adaxes are you using? 3.7.11218.0
  2. What operating system is running on the computer where Adaxes is installed? Server 2012
  3. What is the functional level of your AD domain? For information on how to get it, see below. Forest and dom level are 2012
  4. Does this happen with every computer created by the helpdesk or only with some of them? Have tested with three names. All the same error
  5. Have there ever existed a computer with the same name in your domain before? Maybe, you are reusing standard names for your computers? Both reused and new names
0

Niclas,

Can you answer one more question? Is the issue reproduced if you try doing the same using Active Directory Users and Computers (ADUC)?

0

I'm not sure how I should do that test? Normal users doesn't have the "User Rights Assignment - Add computers to domain" right.
Do I need to set special permission on the computer object to test?

0

Hello Niclas,

We mean that you need to create a computer account using ADUC and specify who can join the account to the domain. When performing the task, use the account that was used to register your AD domain in Adaxes. Then, try joining the new computer to the domain.

Also, can you have a look at Adaxes Event Log for any errors and/or warnings related to inability to modify AD security settings of the new computer objects. For information on how to access the Event Log, see the following help article: http://www.adaxes.com/help/?ServiceAdmi ... ntLog.html.

1 Answer

0 votes
by (260 points)

A little wierd, but now it actually works fine. The only thing I know is that the Adaxes server has been rebooted once between the tries. But case closed. :D

0

Hello Niclas,

Thanks for the update!

Related questions

0 votes
1 answer

Hello, How can I grant right for Service Desk to reste a Computer Object? Thanks.

asked Jun 27, 2016 by tentaal (1.1k points)
0 votes
1 answer

Hello. I'm fairy new with script on in Adaxes but like to make a business rule that moves computer to the correct OU and set an extended attribute with a numeric value. I found ... 2. How do I get that. Is there a smarter way to place computers in correct OU?

asked Mar 4, 2015 by Klas (460 points)
0 votes
1 answer

I would like to know if it is possible to create a field in the web UI under user management to "assign" a machine to a user. I would like to be able to put the ... be moved to "workstation OU. Is there s custome field that can be used to accomplish this?

asked Oct 22, 2020 by copatterson (70 points)
0 votes
1 answer

Hi, would it be possible to script a workstation in AD and also directly from our local SCCM environment ?

asked Oct 28 by ddesmedt (40 points)
0 votes
1 answer

Hello, I'm trying to create a business rule that will update a user account expiry date when that user logs in for the first time. I'm new to Adaxes, so I don't have a ... updated by a user's action, such as "Last Logon". Is it possible to make this work?

asked Mar 6 by sjjb2024 (60 points)
3,589 questions
3,278 answers
8,303 comments
548,107 users