Active Directory : Add Computer Accounts2021/12/07 |
Add Computer Accounts on Active Directory.
By default, if you don't add Computer Accounts by yourself on AD, Computers can join in Domain with any common users rights who don't have admin privileges.
So if you'd like to limit authentication users when computers join to Domain, Add Computer Accounts beforehand. If you would add Computer Accounts beforehand, by default, only users who are in [Domain Admins] group can authenticate when computers join in Domain. |
|
[1] | Run PowerShell with admin privilege and configure like follows. |
# show current computer list PS C:\Users\Administrator> Get-ADComputer -Filter * | Format-Table DistinguishedName DistinguishedName ----------------- CN=FD3S,OU=Domain Controllers,DC=srv,DC=world # for example, add a computer [RX-0] PS C:\Users\Administrator> New-ADComputer -Name RX-0 # verify PS C:\Users\Administrator> Get-ADComputer -Filter * | Format-Table DistinguishedName DistinguishedName ----------------- CN=FD3S,OU=Domain Controllers,DC=srv,DC=world CN=RX-0,CN=Computers,DC=srv,DC=world # to specify OU, run like follows PS C:\Users\Administrator> New-ADComputer -Name RX-7 ` -Path "OU=Computers,OU=Hiroshima,DC=srv,DC=world" # if you'd like to add a specific user who can authenticate to AD when computer joins, set like follows PS C:\Users\Administrator> dsacls "CN=RX-0,CN=Computers,DC=srv,DC=world" /G FD3S01\Serverworld:CALCGRSDDTRC; # to delete computer accounts, run like follows PS C:\Users\Administrator> Remove-ADComputer -Identity "CN=RX-9,CN=Computers,DC=srv,DC=world" Confirm Are you sure you want to perform this action? Performing the operation "Remove" on target "CN=RX-9,CN=Computers,DC=srv,DC=world". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y |
Active Directory : Add Computer Accounts (GUI)
|
On GUI configuration, set like follows.
|
|
[2] | Run [Server Manager] and open [Tools] - [Active Directory Users and Conputers], next, right-Click [Computers] on the left pane and select [New] - [Computer]. |
[2] | Input a new Computer name. By default, the users who are in [Domain Admins] group can authenticate when computers join in Domain, however, if you'd like to change it, Click [Change] button for [User or group] section. |
[3] | A new Computer is just added. |
Sponsored Link |