The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

Back to Basic: Permissions needed in AD to “mess” with computers during OS Deployment

Posted by Mikael Nystrom on February 2, 2012

No, nothing new at all; this is more of a “note”, because I hate having to dig through my own notes for this when I troubleshoot. It normally applies to the WDS account when WDS is installed on something other than the DC (which should be the case), or when you use a BuildAccount in MDT LTI.

The following permissions are needed in the OU where account X should be able to create computer accounts:

Scope: This Object and all descendant objects

  • Create Computer Objects
  • Delete Computer Objects

Scope: Descendant Computer Objects

  • Read All Properties
  • Write All Properties
  • Read Permissions
  • Modify Permissions
  • Change Password
  • Reset Password
  • Validated write to DNS host name
  • Validated write to service principal name
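
One way to script this delegation with dsacls.exe from PowerShell, as an added example that is not part of the original post. The OU distinguished name and the account name are placeholders; the last line lists the resulting ACEs so the grant can be reviewed.

```powershell
# Added example: delegate the permissions listed above on one OU.
# $OU and $Account are placeholders (assumptions); replace them with your own values.
$OU      = 'OU=Workstations,DC=corp,DC=example,DC=com'
$Account = 'CORP\MDT_BA'

# Inherit: /I:T = this object and all descendant objects, /I:S = descendant objects only.
# Perm:    dsacls permission string "bits;object-or-property;inherited object type".
$Grants = @(
    # Scope: This object and all descendant objects
    @{ Inherit = '/I:T'; Perm = 'CCDC;computer' }     # Create / Delete Computer Objects

    # Scope: Descendant Computer objects
    @{ Inherit = '/I:S'; Perm = 'RPWP;;computer' }    # Read / Write All Properties
    @{ Inherit = '/I:S'; Perm = 'RCWD;;computer' }    # Read / Modify Permissions
    @{ Inherit = '/I:S'; Perm = 'CA;Change Password;computer' }
    @{ Inherit = '/I:S'; Perm = 'CA;Reset Password;computer' }
    @{ Inherit = '/I:S'; Perm = 'WS;Validated write to DNS host name;computer' }
    @{ Inherit = '/I:S'; Perm = 'WS;Validated write to service principal name;computer' }
)

foreach ($g in $Grants) {
    # Grant one ACE at a time so a failure points at the exact permission.
    & dsacls.exe $OU $g.Inherit /G "${Account}:$($g.Perm)" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for '$($g.Perm)' on $OU (exit code $LASTEXITCODE)"
    }
}

# Review what the account now holds on the OU (both scopes should appear).
& dsacls.exe $OU | Select-String -SimpleMatch $Account
```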

/Mike – Over and Out
