Assigning permissions for Linux service account to add machines to AD
Create service account.
On the domain where the machines will be joined: Open Active Directory Users and Computers. Enable Advanced Features on the "View" menu.
View the properties of the entire domain.
Select the Security tab, and select Advanced.
- For this object and all descendant objects: Grant Create/Delete Computer objects
- For descendant computer objects: Grant Reset password
- For descendant computer objects: Read/write account restrictions
- For descendant computer objects: Write all properties, Write all validated writes
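
To confirm the result of the steps above, the following read-only check lists the explicit ACEs the service account holds on the domain object and names the GUIDs involved. It is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is installed, and the account name EXAMPLE\svc-linuxjoin is a placeholder.

```powershell
# Added example: read-only audit of the delegation described above.
# Assumptions (not from the page): RSAT ActiveDirectory module is available,
# and the service account is EXAMPLE\svc-linuxjoin (placeholder name).
Import-Module ActiveDirectory

$Account  = 'EXAMPLE\svc-linuxjoin'            # placeholder, replace with your account
$DomainDN = (Get-ADDomain).DistinguishedName   # domain the machines will join

# Well-known schema / control-access GUIDs behind the four grants.
$GuidNames = @{
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'Computer (object class)'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    '4c164200-20c0-11d0-a768-00aa006e0529' = 'Account Restrictions'
    '72e39547-7b18-11d1-adef-00c04fd8d5cd' = 'Validated write to DNS host name'
    'f3a64788-5306-11d1-a9c5-0000f80367c1' = 'Validated write to service principal name'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}

function Resolve-GuidName([guid]$Guid) {
    # Return a readable name for a known GUID, otherwise the GUID itself.
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { $GuidNames[$key] } else { $key }
}

# Explicit (non-inherited) ACEs on the domain object that name the account.
$aces = (Get-Acl -Path "AD:\$DomainDN").Access |
    Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Account }

$aces | ForEach-Object {
    [pscustomobject]@{
        Type      = $_.AccessControlType       # Allow / Deny
        Rights    = $_.ActiveDirectoryRights   # e.g. CreateChild, DeleteChild
        Object    = Resolve-GuidName $_.ObjectType
        AppliesTo = Resolve-GuidName $_.InheritedObjectType
        Scope     = $_.InheritanceType         # All = this object and descendants
    }
} | Format-Table -AutoSize

if (-not $aces) { Write-Warning "No explicit ACEs for $Account on $DomainDN" }
```

Any row whose Rights or Scope is broader than the four grants listed above is worth reviewing before the account is put into use.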