By default, Active Directory allows members of the Authenticated Users group to join up to 10 computer accounts to the default Computers container.
If a user tries to add more than 10 workstations, they are likely to receive one of the following error messages:
- “The machine account for this computer either does not exist or is unavailable.”
- “Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.”
- “The following error occurred attempting to join the domain “domain.com”.
Based on this scenario, the following post will run through the steps on editing the amount of device that can be connected or will be blocked all together.
This demo uses a Windows Server 2012 R2 domain controller, however similar steps can be used for in a Windows Server 2008 environment as well.
Note – This limit is do not apply for any user account which is a member of domain admins or enterprise admins group.
1) Log in to the DC server as domain admin or enterprise admin.
2) Go to Server Manager > Tools > ADSI Edit
3) In console expand default naming context and select the correct domain. Where you would like to do this.
4) Then right click on it and select “properties”
5) Once list is open find the attribute called ms-DS-MachineAccountQuota.
This is the attribute responsible for above limit. By default its set to 10. If set it to 0 it will disable this limit and otherwise the value can adjust based on the requirements.
6) Once done click on ok until you exit from the popup window.
Hope this Post is clear for you guys .. Don’t forget to leave your comment ..