Back to Basic: Permissions needed in AD to “mess” with computers during OS Deployment

No, nothing new at all, this is more of a “Note”; I hate having to look this up in my own notes when I troubleshoot things. This normally applies to the WDS account when WDS is installed on something other than the DC (which should be the case), or when you use a BuildAccount in MDT LTI.

The following permissions are needed in the OU where account X should be able to create computer accounts:

Scope: This Object and all descendant objects

  • Create Computer Objects
  • Delete Computer Objects

Scope: Descendant Computer Objects

  • Read All Properties
  • Write All Properties
  • Read Permissions
  • Modify Permissions
  • Change Password
  • Reset Password
  • Validated write to DNS host name
  • Validated write to service principal name
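
One way to apply exactly this delegation from PowerShell and then read it back for review. This is an added example, not part of the original post; the OU distinguished name and the account name are assumed placeholders, and the GUIDs are the standard schema and rights GUIDs for the computer class, the two password rights and the two validated writes.

```powershell
# Added example, not from the original post. $ou and $account are assumed names.
Import-Module ActiveDirectory   # provides the AD: drive used below

$ou      = 'OU=Workstations,DC=corp,DC=example'   # assumed OU distinguished name
$account = 'CORP\svc-osd-join'                    # assumed WDS / MDT build account

$sid   = [System.Security.Principal.NTAccount]::new($account).Translate(
             [System.Security.Principal.SecurityIdentifier])
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$all   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$desc  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$computer = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the computer class

$rules = @(
    # Scope "This object and all descendant objects": create/delete computer objects.
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid,
        [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
        $allow, $computer, $all)
    # Scope "Descendant Computer objects": read/write all properties, read/modify permissions.
    [System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid,
        [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty, ReadControl, WriteDacl',
        $allow, $desc, $computer)
)

# Control access rights and validated writes, each limited to descendant computer objects.
$byGuid = [ordered]@{
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'ExtendedRight'   # Change Password
    '00299570-246d-11d0-a768-00aa006e0529' = 'ExtendedRight'   # Reset Password
    '72e39547-7b18-11d1-adef-00c04fd8d5cd' = 'Self'            # Validated write to DNS host name
    'f3a64788-5306-11d1-a9c5-0000f80367c1' = 'Self'            # Validated write to service principal name
}
foreach ($entry in $byGuid.GetEnumerator()) {
    $rules += [System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid,
        [System.DirectoryServices.ActiveDirectoryRights]$entry.Value,
        $allow, [Guid]$entry.Key, $desc, $computer)
}

# Add the ACEs to the OU's existing DACL and write it back.
$path = "AD:\$ou"
$acl  = Get-Acl -Path $path
$rules | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path $path -AclObject $acl

# Read the ACEs back so the delegation can be reviewed against the list above.
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table ActiveDirectoryRights, InheritanceType, ObjectType, InheritedObjectType
```

The read-back at the end also works on its own as an audit of what the account already holds on the OU.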

/Mike – Over and Out
