Does this meet the goal?

Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.
You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and the computer accounts of the laptops are in the correct OUs.
Solution: You pre-create the computer account of each laptop in Active Directory Users and Computers.
You instruct Tech1 to sign in to each laptop, to rename each laptop, and then to join each laptop to the domain by using System in Control Panel.
Does this meet the goal?
A. Yes
B. No


7 thoughts on “Does this meet the goal?”

  1. During pre-creation you can add a group that can join this computer object to the domain. By default it's Domain Admins.
    This would work if it was changed to the Domain Users group because tech1 is only a domain user.
    Since it's not written we need to assume that it wasn't changed.

    By default any authenticated user can join up to a limit of 10 machines (by default, the user SID is written into an attribute of that computer object). So in this case tech1 would only be able to join those 10 computers.

    From what I've tested it's possible to do it as an “offline join” by djoin /provision and from the computer side djoin /requestODJ. It doesn't matter then if the computer is really offline, it will simply join it based on the file, only needs local admin rights.

    1. Solution: You script the creation of files for an offline domain join, and then you give the files to Tech1.
      You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.

  2. I suggest the answer is YES

    https://www.petenetlive.com/KB/Article/0001536

    There it says:

    Solution Option 4 – Pre-Stage Computer Objects in Active Directory
    How Does This Work
    When a computer is joined to a domain a few things happen, the account you are using is checked, if it’s a normal, (not delegated or non domain admin) user, then the SID (Security Identifier) of that user is stamped on the COMPUTER object in a value called ms-DS-CreatorSID

    What does NOT happen:
    There is NOT a value on the USER object that increments by one for each machine joined to the domain, the ONLY reference is on the COMPUTER object. Yes this seems inefficient, but there we go that’s how it works.

    If the user has delegated rights to create computer objects, or is a member of domain admins then, ms-DS-CreatorSID is left empty, (if you query it using PowerShell or programmatically it will return ‘null’).
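
The comments above turn on two things an administrator can check after the joins: which account created each computer object (ms-DS-CreatorSID) and whether the object has the required name and sits in a department OU. The following is an added example, not code from the page or its commenters; `Get-JoinAudit`, the `corp.example` domain, the SIDs and the four-letters-plus-four-digits name pattern are assumptions made for illustration.

```powershell
# Added example. Against a live domain, build the input with the ActiveDirectory module:
#   Import-Module ActiveDirectory
#   $quota = (Get-ADObject -Identity (Get-ADDomain).DistinguishedName `
#       -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
#   $computers = Get-ADComputer -Filter * -Properties 'mS-DS-CreatorSID' |
#       Select-Object Name, DistinguishedName, @{n='CreatorSid'; e={ "$($_.'mS-DS-CreatorSID')" }}

function Get-JoinAudit {                              # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Computers,
        [int] $Quota = 10,                            # default per-user join limit
        [string] $NamePattern = '^[A-Za-z]{4}\d{4}$'  # assumed: 4 letters + 4 digits
    )
    # Count objects per creator SID. An empty SID means the object was created
    # by an admin or delegated account, so it does not count against anyone.
    $perCreator = @{}
    foreach ($c in $Computers) {
        if ($c.CreatorSid) { $perCreator[$c.CreatorSid] = 1 + [int]$perCreator[$c.CreatorSid] }
    }
    foreach ($c in $Computers) {
        # Everything after the first unescaped comma is the parent container.
        $parent = ($c.DistinguishedName -split '(?<!\\),', 2)[1]
        [pscustomobject]@{
            Name           = $c.Name
            NameOk         = $c.Name -match $NamePattern
            InDefaultCN    = $parent -like 'CN=Computers,*'   # not in a department OU
            CreatorSid     = $c.CreatorSid
            CreatorAtQuota = [bool]($c.CreatorSid -and $perCreator[$c.CreatorSid] -ge $Quota)
        }
    }
}

# Constructed sample data: one pre-staged object and one joined by a plain user.
$tech1 = 'S-1-5-21-1111111111-2222222222-3333333333-1105'    # made-up SID
$sample = @(
    [pscustomobject]@{ Name = 'SALE0001'
        DistinguishedName = 'CN=SALE0001,OU=Sales,DC=corp,DC=example'; CreatorSid = '' }
    [pscustomobject]@{ Name = 'DESKTOP-7F3K2Q'
        DistinguishedName = 'CN=DESKTOP-7F3K2Q,CN=Computers,DC=corp,DC=example'; CreatorSid = $tech1 }
)
# Quota lowered to 1 here only so the sample shows a creator at the limit.
Get-JoinAudit -Computers $sample -Quota 1 | Format-Table -AutoSize
```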
