1

While joining (for the first time) workstations to the domain provided by our server running Windows Server Essentials, I've encountered the following subtle behavior:

The account that I would use to join the domain, using the Windows Server Connector invariably becomes a member of the Local Administrators group, thus inherits privileges I didn't want it to inherit in first instance.

Basically I first tried to join the workstation using an account from the Domain Administrators group but received a warning from the wizard in using such account, therefore I've used one of the standard account that would be later used by users.

Question: shall one use a 'domain-joining-specific' or some 'domain-operator' account for joining a workstation to a domain, or is there a better workflow for such task ?

Daniel
  • 6,780
  • 5
  • 31
  • 60
aybe
  • 113
  • 3
  • I am not particularly familiar with the `Windows Server Connector`, which apparently is a `Server Essentials` feature. Can't you skip using it, and just join the domain normally? – Zoredache Nov 24 '15 at 00:31
  • Well I guess I could, just tried to follow the 'rules' :D Will give it a try and post my results back here. Thanks ! – aybe Nov 24 '15 at 01:31

1 Answers1

1

The connector software does a whole lot of stuff for monitoring, backup VPN etc. Do not bypass it. Use a dedicated account for joining pcs if you don't use a "regular" DA account.

Jim B
  • 23,938
  • 4
  • 35
  • 58
  • True, actually the old wizard does not even always work ... I ended up fixing this up by adding a GPO that reconfigures the members of local admins group and it just works :D – aybe Nov 24 '15 at 03:20
  • Make sure you have the latest version of the wizard. It should work. – Jim B Nov 24 '15 at 14:43