Does this meet the goal?

Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.
You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and the computer accounts of the laptops are in the correct OUs.
Solution: You script the creation of files domain join, and then you give the files to Tech1.
You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.
Does this meet the goal?
A. Yes
B. No

microsoft-exams

4 thoughts on “Does this meet the goal?

  1. I believe the answer is No. Everything I’m seeing is you need to use adsiedit to modify the ms-DS-MachineAccountQuota attribute. The other option would be to add Tech1 to the Domain Admins group but that would violate the principal of least priviledge. Nothing in my research supports using djoin to provision an offline domain join will allow Tech1 to join more than 10 computers to a domain.

    https://support.microsoft.com/en-us/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain

    1. If the administrator pre-creates the accounts in AD, this count of 10 computers does not apply.

  2. Solution: You script the creation of files for an offline domain join, and then you give the files to Tech1.
    You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.

    http://support.microsoft.com/kb/243327/en-us

    When creating computer accounts by using “djoin /provision” command, the computer accounts are created by domain administrator (not Tech1), which has no limitation on the number of computer accounts.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.