0 votes

Looking to add a delegated permission for a specific OU for a security role (Help-Desk) to provide the ability to join machines to the domain and also rename the machines in domain.

by (500 points)

1 Answer

0 votes
by (305k points)

Hello,

provide the ability to join machines to the domain

With the latest Microsoft updates, there is no such possibility at all, not only in Adaxes. For details, see https://support.microsoft.com/en-au/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8.

also rename the machines in domain

If you need to grant native AD permissions, it can only be done if they are initially granted using group membership. In this case, you can use Adaxes to add/remove members from groups. If it is about the Adaxes permissions, have a look at the following tutorial: https://www.adaxes.com/help/GrantRightsToModifySpecificProperties.

Related questions

0 votes
1 answer

Hello, We have recently begun setting up Adaxes and are trying to exercise least privilege on both of the accounts we have created to manage the service. ... account is also given the appropriate Security Role within the Adaxes administrative console.

asked Sep 12, 2023 by just.kon (20 points)
0 votes
1 answer

we'd like to build a New Joiner user account creation procedure and were wondering if Adaxes is able to read a SharePoint list and build a flow that can create user ... in MS365 Exchange online, if the respective new joiner is approved in the SharePoint list.

asked Aug 4 by Lucian (20 points)
0 votes
1 answer

Hi, is there any way to bypass SSO and get directly to the Loginpage when a machine is not joined to the domain? Reason why I'm asking is, in the last months ... machines not connected to the domain to go directly to the Adaxes Login form. Best regards Ingemar

asked Nov 27, 2013 by ijacob (960 points)
0 votes
1 answer

We have created a workflow for creating user accounts and would like the manager of the new user to be the approver for the account but the account is not created until it is ... to use a parameter as an approver. Is there a powershell way to do this maybe?

asked Jan 24, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer

Here is what i have been trying with Set-ADUser -Identity $user -Clear "extensionAttribute5" Set-ADUser -Identity $user -Add @{extensionAttribute5 = "NoLicenseNeeded"}

asked Nov 29, 2021 by Markh (20 points)
3,740 questions
3,418 answers
8,641 comments
550,364 users