This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 19%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJF%3C/text%3E%3C/svg%3E)
Hi Team,
I remember when i was working in a company that before we can join a computer to the domain, the computer object must be create ahead in active directory.
How can Force to create a computer object before join the computer to a domain.
What setting is required to enable in GPO to enforce this.
Thanks..
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Hi jhon, did you find a solution to your question? I need it too. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You can use PowerShell
https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adcomputer?view=windowsserver2019-ps
--please don't forget to upvote and Accept as answer if the reply is helpful--
before we can join a computer to the domain, the computer object must be create ahead in active directory.
There is no such requirement. The computer account will be created automatically during domain join process. If you wanted to do so anyway you can use PowerShell
https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adcomputer?view=windowsserver2019-ps
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
By default, an authenticated user without domain admins or delegated permissions can join up to 10 computers in a domain. This value can be changed using the attribute ms-DS-MachineAccountQuota on the domain.
The best option is what DSPatrick suggest
Hi thanks for the responses, but we need to enforce this policy that we mansion above because in sometimes the helpdesk team join computer to the domain without change the default name of a computers, and additionally each time the helpdesk team join a computer to the domain we need to move the object to the correct OU in order to take the GPO policies.
