How to Allow or Prevent Domain Users from Joining Workstations to Domain

How to Allow or Prevent Domain Users from Join Workstations to Domain

By default, Active Directory allows members of the Authenticated Users group to join up to 10 computer accounts to the default Computers container.

Read:

If a user tries to add more than 10 workstations, they are likely to receive one of the following error messages:

  • “The machine account for this computer either does not exist or is unavailable.”
  • “Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.”
  • “The following error occurred attempting to join the domain “domain.com”.

Based on this scenario, the following post will run through the steps on editing the amount of device that can be connected or will be blocked all together.

This demo uses a Windows Server 2012 R2 domain controller, however similar steps can be used for in a Windows Server 2008 environment as well.

Also Read

Note – This limit is do not apply for any user account which is a member of domain admins or enterprise admins group.

1)    Log in to the DC server as domain admin or enterprise admin.
2)    Go to Server Manager > Tools > ADSI Edit

How to Allow or Prevent Domain Users from Join Workstations to Domain

 

3)    In console expand default naming context and select the correct domain. Where you would like to do this.

How to Allow or Prevent Domain Users from Join Workstations to Domain

 

4)    Then right click on it and select “properties

How to Allow or Prevent Domain Users from Join Workstations to Domain

 

5)    Once list is open find the attribute called ms-DS-MachineAccountQuota.

This is the attribute responsible for above limit. By default its set to 10. If set it to 0 it will disable this limit and otherwise the value can adjust based on the requirements.

How to Allow or Prevent Domain Users from Join Workstations to Domain

6)    Once done click on ok until you exit from the popup window.

Must Read:

 

Hope this Post is clear for you guys .. Don’t forget to leave your comment ..

Check Also

Active Directory Complete Guide

Active Directory Complete Guide

Here I am sharing my knowledge on the complete Active Directory Guide in a single …

One comment

  1. Nice one thanks bro

Leave a Reply

Your email address will not be published. Required fields are marked *