September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
8.9. Changing the Maximum Number of Computers a User Can Join to the Domain
Problem
You want to grant users the ability to join more or fewer than 10 computers to a domain. This limit is called the machine account quota.
Solution
Using a graphical user interface
Open ADSI Edit.
Right-click on the
domainDNSobject for the domain you want to change and select Properties.Edit the
ms-DS-MachineAccountQuotaattribute and enter the new quota value.Click OK twice.
Using a command-line interface
In the following LDIF code replace
<DomainDN> with the distinguished
name of the domain you want to change and replace
<Quota> with the new machine account
quota:
dn: <DomainDN> changetype: modify replace: ms-DS-MachineAccountQuota ms-DS-MachineAccountQuota: <Quota> -
If the LDIF file was named
change_computer_quota.ldf, you would then run the
following command:
> ldifde -v -i -f change_computer_quota.ldf
Using VBScript
' This code sets the machine account quota for a domain. ' ------ SCRIPT CONFIGURATION ------ intQuota = <Quota> strDomain = "<DomainDNSName>" ' e.g. emea.rallencorp.com ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext")) objDomain.Put "ms-DS-MachineAccountQuota", intQuota objDomain.SetInfo WScript.Echo "Updated user quota to " & intQuota
Discussion
In a default Active Directory installation, members of the
Authenticated Users group can add and join up to 10 computer ...