What is the point of creating a computer object in Active Directory when you still have to join computers to the domain, which then creates the object anyway?
What is the point of creating a computer object in Active Directory when you still have to join computers to the domain, which then creates the object anyway?
When you create the account first you can place it in the right OU (and with the right security groups, creds to Evan Anderson) from the start.
You can pre-create a computer object and assign permission to a non-admin to perform the join.
We delegated out the ability to create computer accounts. However, we have delegated it to the appropriate OU for the organization. So given the typical contoso.com that Microsoft uses, imagine that there is an OU for Europe. We want to make sure all the computer objects get created in Europe by the European admins. That ensures all GPOs apply appropriately and it ensures that you don't get this cluttered computers folder at the root. When the US admins come along, they can only create computer accounts in the US OU. Again, GPOs apply properly, etc. It also ensures that a US admin can't take out a Europe computer account. You get the idea.