Modifying How Many Machines Non-Administrators Can Add to a Domain

When setting up imaging solutions, it is not uncommon to have a service account for adding machines to the domain.  Naturally, you don’t want this account to have access to anything.  Well non-administrators are only allowed to add 10 machines to the domain, so that puts you in a pickle.  To resolve this we use the ADSI Edit tool as seen below.

1.) Open ADSI Edit from the Administrative Tools or searching for it from Start.

2.) Right click the ADSI Edit option on the left and select “Connect to…”

3.) Leave the default options and select “OK”

4.) Right click your Domain Distinguished Name folder and select “Properties”

5.) On the Attribute Editor tab find the “ms-DS-MachineAccountQuota” attribute.  Set this to whatever you wish, the default being ten, or clear it to make it unlimited.  Select “OK” and you’re done.