Permissions needed for joining computer objects to AD (delegation)

Permissions on a specific OU needed to join a computer to Active Directory;

This object and all descendant object
– Create computer objects
– Delete computer objects

Descendant computer objects:
– Read all properties
– Write all properties
– Read permissions
– Modify permissions
– Change password
– Reset password
– Validate write to DNS host name
– Validate write to service principal name

Leave a Reply