In order to join new computers/servers to an Active Directory domain, a user account with domain join permissions must be used to join new prospective computers to said domain. In order to accomplish this, we can configure a user that has delegated control on the computers OU within Active Directory that will allow that service user account the appropriate rights to perform the domain join operation. This tutorial will walk through the process of setting up a service user account, and then delegating permission to perform a domain join with that new non-admin service user account. In order to perform the following steps, access to an Active Directory Domain Controller (AD DC) is required.
All of the steps outlined in this tutorial will be performed on an AD DC.
The second thing that we will need is a service user account that will be delegated control within AD, allowing the account rights to perform domain join operations. If a service user account already exists, then the next step can be skipped. If there is currently no service user account, or you wish to start with a fresh service user account, then continue following the next section.
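The delegation described above can also be scripted on the DC. The following is an added example, not part of the original tutorial, using the ActiveDirectory module and `dsacls`; the domain name, OU paths and the account name `svc-domainjoin` are placeholder assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the AD DC.
# Assumed placeholders (not from the tutorial): domain EXAMPLE / example.com,
# both OU paths, and the account name svc-domainjoin.
Import-Module ActiveDirectory

$Domain    = 'EXAMPLE'
$Account   = 'svc-domainjoin'
$ServiceOU = 'OU=Service Accounts,DC=example,DC=com'
$TargetOU  = 'OU=Computers,DC=example,DC=com'

# 1. Create the service account unless it already exists.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Account'")) {
    New-ADUser -Name $Account -SamAccountName $Account -Path $ServiceOU `
        -AccountPassword (Read-Host -AsSecureString 'Password') `
        -Enabled $true -Description 'Delegated domain join only'
}
$Trustee = "$Domain\$Account"

# 2. Allow creating and deleting computer objects in the target OU and below.
dsacls $TargetOU /I:T /G "${Trustee}:CCDC;computer"

# 3. On descendant computer objects only, grant the rights a join or rejoin needs.
$ComputerRights = @(
    'CA;Reset Password',
    'WP;Account Restrictions',
    'WS;Validated write to DNS host name',
    'WS;Validated write to service principal name'
)
foreach ($Right in $ComputerRights) {
    dsacls $TargetOU /I:S /G "${Trustee}:$Right;computer"
}

# 4. Review the ACEs now held by the account to confirm nothing broader was granted.
(Get-Acl "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference.Value -eq $Trustee } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType

# On the machine being joined (not on the DC), the account is then used like this:
#   Add-Computer -DomainName example.com -OUPath $TargetOU -Credential EXAMPLE\svc-domainjoin
```

Because the rights are scoped to one OU and to computer objects, the account cannot join machines elsewhere in the directory or modify users and groups.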