Azure Active Directory Domain Service - Delegate Domain Join Permission

Matthew McKenzie 1 Reputation point
2022-10-14T02:52:08.603+00:00

I'm using Azure Active Directory Domain Services and I need to create a service account from a standard privileged account, but it needs to be able to be delegated domain join. I can't right-click and do the delegation permissions. It says I don't have permissions as an administrator of the AADDS domain. Is the only way to make this work by changing the default from 10 computers to like 10000?

Microsoft Entra

1 answer

  1. Carlos Solís Salazar 17,971 Reputation points
    2022-10-14T10:23:11.79+00:00

    Hi @Matthew McKenzie

    Thank you for asking this question on the **Microsoft Q&A Platform**.

    There are some considerations when using service accounts:

    • You can't create a service account in the built-in AADDC Users or AADDC Computers OUs.
    • Instead, create a custom OU in the managed domain and then create service accounts in that custom OU.

    This custom group is a group managed service account (gMSA); you can create it by following these steps.

    Hope this helps!

    ----------

    Accept Answer and Upvote if any of the above helped; this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.
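
The two considerations in the answer above (a custom OU, then the service account inside it), sketched as an added example that is not part of the original answer or of Microsoft's reply. It assumes a managed domain named `aaddscontoso.com`, a domain-joined management VM with the Active Directory PowerShell module, a signed-in member of the *AAD DC Administrators* group, and an already-joined host `WEBSRV01`; every name in it is a hypothetical placeholder.

```powershell
# Added example. All names (aaddscontoso.com, ServiceAccounts, WebFarmSvc,
# WEBSRV01) are hypothetical placeholders, not values from the thread.
Import-Module ActiveDirectory

$domainDn = 'DC=aaddscontoso,DC=com'
$ouName   = 'ServiceAccounts'
$ouDn     = "OU=$ouName,$domainDn"

# 1. Create the custom OU at the domain root if it does not exist yet.
#    The built-in AADDC Users / AADDC Computers OUs cannot hold service accounts.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# 2. Create the gMSA inside the custom OU. Restrict Kerberos to AES and limit
#    password retrieval to the one host that runs the service (least privilege).
New-ADServiceAccount -Name 'WebFarmSvc' `
    -DNSHostName 'WebFarmSvc.aaddscontoso.com' `
    -Path $ouDn `
    -KerberosEncryptionType AES128, AES256 `
    -ManagedPasswordIntervalInDays 30 `
    -PrincipalsAllowedToRetrieveManagedPassword 'WEBSRV01$'

# 3. Verify where the account landed and who may read its managed password.
Get-ADServiceAccount -Identity 'WebFarmSvc' `
    -Properties PrincipalsAllowedToRetrieveManagedPassword, KerberosEncryptionType |
    Format-List Name, DistinguishedName, KerberosEncryptionType,
                PrincipalsAllowedToRetrieveManagedPassword
```

Step 3 is the check to keep: the `DistinguishedName` should sit under the custom OU, and the retrieval list should contain only the hosts that actually run the service.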

