VBScript program to give a group or user permission to join a computer to a domain. The computer Distinguished Name is hard coded in the program. The group or user is also hard coded in the program as an NT trustee in the form "MyDomain\NTName", where "MyDomain" is the NetBIOS name of the domain, and "NTName" is the NT name (sAMAccountName, or "pre-Windows 2000 name") of the group or user that will be granted permission.

When a computer object is created in the Active Directory Users and Computers MMC, you are given the option of specifying a group or user that can join the computer to a domain. By default, only members of the group "Domain Admins" have permission to do this. Once the computer object is created, you can grant this permission to a group or user by specifying the proper permissions on the Security tab of the properties dialog for the computer object. The four permissions are:

Reset Password
Validated write to DNS host name
Validated write to security principal name
Write Account Restrictions

This program grants these four permissions to the user or group specified for the computer object designated.

JoinComputer.txt <<-- Click here to view or download the program