Default limit to number of workstations a user can join to the domain

Article translations Article translations
Article ID: 243327 - View products that this article applies to.
This article was previously published under Q243327
Expand all | Collapse all

SUMMARY

By default, Windows 2000 allows authenticated users to join ten machine accounts to the domain. If a user attempts to join an eleventh machine account, the error messages listed in the following Microsoft Knowledge Base Article are displayed:
251335 Domain users cannot join workstation or server to a domain
This default was implemented to prevent misuse, but can be overridden by an administrator by making a change to an object in Active Directory.

Note that users in the Administrators or Domain Administrators groups, and those users who have delegated permissions on containers in Active Directory to create and delete computer accounts, are not restricted by this limitation.

MORE INFORMATION

The number of workstations currently owned by a user is calculated by looking at the ms-DS-CreatorSID attribute of machine accounts.

To modify Active Directory to allow more (or fewer) machine accounts on the domain, use the Adsiedit tool.

WARNING Using Adsiedit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Adsiedit can be solved. Use Adsiedit at your own risk.
  1. Install the Windows Support tools if they have not already been installed. This is necessary only for Windows 2000 and Windows Server 2003. For Windows Server 2008 and Windows Server 2008 R2, Adsiedit is installed automatically when you install the Active Directory Domain Services role.
  2. Run Adsiedit.msc as an administrator of the domain. Expand the Domain NC node. This node contains an object that begins with "DC=" and reflects the correct domain name. Right-click this object, and then click Properties.
  3. In the Select which properties to view box, click Both. In the Select a property to view box, click ms-DS-MachineAccountQuota.
  4. In the Edit Attribute box, type the number of workstations that you want users to be able to maintain concurrently.
  5. Click Set, and then click OK.

Properties

Article ID: 243327 - Last Review: April 4, 2011 - Revision: 4.0
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Keywords: 
kbenv kbinfo KB243327

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com