10 –
the Default Limit of Workstations a User Can Join to the Domain
By default, Windows 2000 allows authenticated users to join ten machine accounts to the domain – by granting "Add workstations to domain" privilege to the Authenticated Users group by default.
251335 Domain users cannot join workstation or server to a domain
This default was implemented to prevent misuse, but can be overridden by an administrator by making a change to an object in Active Directory.
Note that users in the Administrators or Domain Administrators groups, and those users who have delegated permissions on containers in Active Directory to create and delete computer accounts, are not restricted by this limitation.
The Default Limit of the Number of Computers an Authenticated User Can Join to a Domain can be overridden by using either of the following methods:
* Use the Ldp (Ldp.exe) tool included in the Microsoft Windows Resource Kit.
* Use an Active Directory Services Interface (ADSI) script to increase or decrease the value of the Active Directory ms-DS-MachineAccountQuota attribute. To do this:
1. Install the Windows 2000 Support tools if they have not already been installed. To install these tools, run Setup.exe from the Support\Tools folder on the Windows 2000 Server or the Windows 2000 Professional CD-ROM.
2. Run Adsiedit.msc as an administrator of the domain.
3. Expand the Domain NC node. This node contains an object that begins with "DC=" and reflects the correct domain name. Right-click this object, and then click Properties.
4. In the Select which properties to view box, click Both.
5. In the Select a property to view box, click ms-DS-MachineAccountQuota.
6. In the Edit Attribute box, type a number. This number represents the number of workstations that you want users to be able to maintain concurrently.
7. Click Set, and then click OK
کد:
http://paulelso.wordpress.com/2009/11/28/10-the-default-limit-of-workstations-a-user-can-join-to-the-domain/