Article

KB2624 - Active Directory (AD) on Windows Server 2000/2003/2008: How can PCS 'join domain' without using a Domain Admin account


Information

 
Last Modified Date: 10/6/2015 9:00 AM
Synopsis

This article describes how to configure Windows Server 2000, Windows Server 2003, and Windows Server 2008 so that PCS can "join domain" (for Active Directory-based Authentication servers) without using a Domain Admin account.

 

Problem or Goal

Configure Windows Server 2000, Windows Server 2003, and Windows Server 2008 so that PCS can "join domain" (for Active Directory-based Authentication servers) without using a Domain Admin account.

Cause
Solution

 

  1. Identify the user (or group).
    1. Identify the user (or group) that will be granted permission to perform AD operations on behalf of the PCS device. The user (or group) can be any pre-existing user (or group), or it can be a new one that you create.
    2. If you choose to use a group instead of a user, be sure to add to the group a user who you will configure as the administrator on the Active Directory authentication server for the PCS device.
  2. Start Active Directory Users and Computers.
    1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
    2. In Active Directory Users and Computers, click View > Advanced Features.
  3. Open Access Control Settings for Computers.
    1. From the left pane, right-click Computers, then click Properties.
    2. In Computers Properties, click Security > Advanced.
  4. Grant the user (or group) permission to Create Computer Objects and Delete Computer Objects.
    1. In Advanced Security Settings for Computers, click Add.
    2. In Select User, Computer, or Group, manually enter the name of the user (or group) that you want to grant permission to perform AD operations on behalf of the Junos Pulse Secure Access device, then click OK.
    3. In Permission Entry for Computers, in Apply to, select This object only.
    4. In Permissions, find Create Computer Objects and Delete Computer Objects, click Allow for each of these permissions, then click OK.
  5. Grant the user (or group) permission to Reset Password and Modify Permissions on Computer objects.
    1. In Advanced Security Settings for Computers, click Add.
    2. In Select User, Computer, or Group, click or manually enter the name of the user (or group) that you want to grant permission to perform AD operations on behalf of the PCS, and then click OK.
    3. In Permission Entry for Computers, in Apply to, click Descendent Computer Objects.
    4. In Permissions, find Reset Password and Modify Permissions, click Allow for each of these permissions, then click OK.
  6. Verify that there are no Deny entries that would affect the user (or group).
  7. Exit Advanced Security Settings for Computers:
    1. In Advanced Security Settings for Computers, click OK.
    2. In Computers Properties, click OK.
  8. Grant the user (or group) permission to Reset Password on user objects.
    1. In Active Directory Users and Computers, right-click Users, then click Properties.
    2. In Users Properties, click Security > Advanced.
    3. In Advanced Security Settings for Users, click Add.
    4. In Select User, Computer, or Group, manually enter the name of the user (or group) that you want to grant permission to perform AD operations on behalf of the PCS device, then click OK.
    5. In Permission Entry for Users, in Apply to, click Descendent User objects.
    6. In Permissions, find Reset Password, click Allow, then click OK.
  9. Verify that there are no Deny entries that would affect the user (or group).
  10. Exit Advanced Security Settings for Users:
    1. In Advanced Security Settings for Users, click OK.
    2. In Users Properties, click OK.
  11. Exit Active Directory Users and Computers.
  12. Configure the PCS Active Directory Authentication Server.
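
To confirm the delegation after completing the steps above, the following read-only PowerShell audit lists the access control entries that name the delegated account on the Computers and Users containers, along with every Deny entry on those containers. It is an added example, not part of the original article or any vendor tooling; the account name `EXAMPLE\svc-pcs-join` and the domain DN `DC=example,DC=com` are hypothetical placeholders, and it assumes a domain-joined machine with read access to the directory.

```powershell
# Added example: read-only audit of the ACEs the steps above create.
$Delegate   = 'EXAMPLE\svc-pcs-join'   # assumption: hypothetical delegated user or group
$Containers = @(                        # assumption: hypothetical domain DN
    'CN=Computers,DC=example,DC=com',
    'CN=Users,DC=example,DC=com'
)

# Well-known AD schema and extended-right GUIDs, mapped to readable names
$GuidNames = @{
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer objects'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user objects'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}

function Resolve-AdGuid([Guid]$Guid) {
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { $GuidNames[$key] } else { $key }
}

foreach ($dn in $Containers) {
    $entry = [ADSI]"LDAP://$dn"
    # Explicit and inherited ACEs, with trustees translated to DOMAIN\name
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    # Keep ACEs that name the delegate, plus every Deny ACE (any trustee),
    # since a Deny on a group the delegate belongs to also applies to it.
    $rules |
        Where-Object { $_.IdentityReference.Value -eq $Delegate -or
                       $_.AccessControlType -eq 'Deny' } |
        Select-Object @{n='Container'; e={$dn}},
                      @{n='Trustee';   e={$_.IdentityReference.Value}},
                      @{n='Type';      e={$_.AccessControlType}},
                      @{n='Rights';    e={$_.ActiveDirectoryRights}},
                      @{n='Object';    e={Resolve-AdGuid $_.ObjectType}},
                      @{n='AppliesTo'; e={Resolve-AdGuid $_.InheritedObjectType}},
                      @{n='Scope';     e={$_.InheritanceType}},
                      IsInherited |
        Format-Table -AutoSize
}
```

In the output, Create Computer Objects and Delete Computer Objects appear as `CreateChild, DeleteChild` rights, Reset Password as an `ExtendedRight`, and Modify Permissions as `WriteDacl`. Any row with Type `Deny` should be checked against the delegated account and the groups it belongs to.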
Created By: Data Deployment