Windows Server
Nordman99, 2019-12-01 10:18:39

How to prevent computers and users that are not registered in a Windows Server 2012 (or later) domain from joining and working in it?

Greetings, everyone! Please help with advice. The situation is as follows.

On Windows Server 2012 R2 I set up a domain controller, created a domain and created an organizational unit (OU). In the OU I created sections for computers and for user accounts, and in them, respectively, I created the computer names and user accounts that should be in the domain. I need only computers with these names and accounts to be able to join the domain and be in it. If a computer has a name that is not registered in the domain's OU, it should be denied joining and working in the domain. Likewise, if a computer has a name registered in the domain's OU but the user on it works under an account that is not registered in the domain's OU, he should also be denied entry and work in the domain. I tried using domain group policies; nothing happens.

For example, these computer names are set up in the domain: Comp1, Comp2, Comp3,
and these user accounts: User1, User2, User3.
That is, I need only computers with such names and user accounts to be allowed to join and work in the domain.


4 answer(s)
Ethril, 2019-12-01
@Nordman99

Oh, a new generation of admins has grown up who are firmly convinced that, by default, only an admin or (for those who have heard of delegation) some special users with granted rights can join a computer to a domain.
How do you prevent a user from joining a PC to a domain?
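
An added example, not part of the original thread: the default this answer alludes to is the domain attribute `ms-DS-MachineAccountQuota`, which ships as 10 and lets any authenticated user create that many computer accounts. The sketch below audits it, sets it to 0 and pre-stages the three computer names from the question; it assumes the RSAT `ActiveDirectory` module and a hypothetical OU path.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and an account
# allowed to modify the domain object. The OU path below is hypothetical.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName

# 1. Read the per-user join quota (AD default: 10).
$quota = (Get-ADObject -Identity $domainDn `
            -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"Current ms-DS-MachineAccountQuota: $quota"

# 2. Audit: computer accounts created through that quota carry the
#    creator's SID in ms-DS-CreatorSID. Review these before locking down.
Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
        -Properties 'ms-DS-CreatorSID', whenCreated |
    Select-Object Name, whenCreated,
        @{ n = 'CreatorSID'; e = { "$($_.'ms-DS-CreatorSID')" } }

# 3. Set the quota to 0 so that only accounts with explicitly delegated
#    rights (or administrators) can create computer objects.
Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }

# 4. Pre-stage the permitted computer names in the OU (hypothetical path).
$ou = "OU=Computers,OU=Office,$domainDn"
foreach ($name in 'Comp1', 'Comp2', 'Comp3') {
    $existing = Get-ADComputer -Filter "Name -eq '$name'"
    if (-not $existing) {
        New-ADComputer -Name $name -SamAccountName $name -Path $ou -Enabled $true
    }
}
```

With the quota at 0, a join attempt by an ordinary user fails unless the right to create computer objects has been delegated on the target OU.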

res2001, 2019-12-01
@res2001

1. When you add a new computer to the domain, a new account is created for the computer. If such a name already exists in the domain, there will probably be a conflict. In this case, it is unlikely that the computer will be added to the domain at all.
2. Only the admin can add computers to the domain.
Your wish list seems a little strange. It looks like you are trying to solve some problem in the wrong way. If you described the ultimate goal, perhaps someone here would point you to the right solution. As it stands, your wishes do not seem to be implementable by standard means.
PS: I haven't used AD for a long time

lubezniy, 2019-12-01
@lubezniy

A domain user with the appropriate rights must join a computer to a domain. Maybe just hand the decision over to such a user? He will figure out for himself which computers can be joined and which cannot.

Dmitry, 2019-12-01
@wedun

Can you give an example of why this might be needed?
Only a user with the appropriate rights can add a computer to the domain.
And without an account in the domain, access to domain resources cannot be obtained.
