Restrict domain admins from joining servers to domain.


I work for a large company that has acquired multiple additional sites over the last 5 years. We’ve fully integrated these sites into our corporate site. The problem I’m running into now is, most of the sites have a local admin, and these admins don’t always play nice with us.

So what’s happening is, sometimes we have new servers added and old servers decommissioned at these sites without involving the server team. I’m looking for a way to restrict the join domain privilege based on operating system type. So I want to restrict all server domain join functions to the server team only. The site people still need to be able to add workstations to the domain.

If you don’t want these people to join servers to the domain, you probably don’t want them to be domain admins.

You can give them restricted permission accounts that just have the delegated rights to join machines to the domain within an enclosed OU structure and run reports on actions taken there to ‘intercept’ unauthorised joins, but this really isn’t a technical issue; your problem is you have people with domain admin rights who you don’t trust to administer the domain, and the best answer will always be to take admin rights away from people who can’t be trusted with them.
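
One way to run the kind of report the answer above mentions, as an added example that is not part of the original answer: it lists computer objects with a server operating system created recently under a delegated site OU, with the object owner. The OU distinguished name, look-back window and output file name are assumptions; it needs the ActiveDirectory (RSAT) module.

```powershell
# Added example: report server-class computer objects appearing in a delegated site OU.
Import-Module ActiveDirectory

$SiteOU = 'OU=Site-A,OU=Sites,DC=example,DC=com'   # hypothetical delegated OU (assumption)
$Since  = (Get-Date).AddDays(-7)                    # look-back window (assumption)

# Query computer accounts whose OperatingSystem attribute reports a server edition.
$query = @{
    SearchBase  = $SiteOU
    SearchScope = 'Subtree'
    Filter      = 'OperatingSystem -like "*Server*"'
    Properties  = 'OperatingSystem', 'whenCreated', 'nTSecurityDescriptor'
}
$servers = Get-ADComputer @query

# Keep only recent objects and surface who owns each one.
$report = $servers |
    Where-Object { $_.whenCreated -ge $Since } |
    Select-Object Name, OperatingSystem, whenCreated,
        @{ Name = 'Owner'; Expression = { $_.nTSecurityDescriptor.Owner } },
        DistinguishedName |
    Sort-Object whenCreated -Descending

if ($report) {
    $report | Format-Table -AutoSize
    # Hypothetical output path for the server team's review queue
    $report | Export-Csv -Path .\unexpected-server-joins.csv -NoTypeInformation
} else {
    Write-Output "No server-class computer objects created under $SiteOU since $Since."
}
```

The OperatingSystem attribute is written by the joined machine itself, so this is a reporting aid, not an enforcement control. For objects created by members of Domain Admins the owner is normally the group rather than the individual, which is one more reason the report is most useful once site staff use delegated, non-admin accounts.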
