== Configuring the nsmsmmpbind account on a unit Active Directory == 1. Using "Active Directory Users & Computers", create a standard user account with the logon name "nsmsmmpbind" in an appropriate Organisational Unit (OU), e.g. "Service Accounts". 1. Right-click the OU the nsmsmmpbind user should be able to add computer accounts to and select "Delegate Control...". Complete the Delegation of Control Wizard as follows: * On the Welcome page click Next * On the Users or Groups page, click the Add... button and add the nsmsmmpbind account created earlier, then click Next * On the Task to Delegate page select "Create a custom task to delegate" and click Next * On the Active Directory Object Type page, select "Only the following objects in the folder:", then tick Computer objects. Also tick "Create selected objects in this folder" and "Delete selected objects in this folder", then click Next * On the Permissions page, select "Create All Child Objects" and "Delete All Child Objects" (this will automatically tick "Creation/deletion of specific child objects", as we have restricted the object type to computer objects only earlier in the wizard). Click Next. * Click Finish 1. Using the Group Policy Management console, edit the Default Domain Controllers Group Policy Object (GPO) as follows: * Right-click the Default Domain Controllers GPO and select Edit... * Under Computer Configuration, navigate to Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment * Double-click the "Add workstations to domain" policy in the details pane on the right * Using the Add User or Group... button add the nsmsmmpbind account to the list of users [[attachment:nsmsmmpbind-AD-permissions.png|{{attachment:nsmsmmpbind-AD-permissions.png||width=75%}}]] 1. Increase the maximum number of computer objects the account can bind from the default of 10 to an appropriate number, e.g. 100 by following the instructions in [[http://support.microsoft.com/kb/243327|Microsoft Knowledge Base article 243327]] to increase the ms-DS-!MachineAccountQuota. ----