To grant the HCP computer account HCP management permissions, you need to assign the necessary permissions either to the AD group you created or to the Domain Computers group.
HCP management permissions allow the HCP computer account to create computer accounts and manage computer account properties for each node in the system.
To assign permissions to the AD group or to the Domain Computers group:
1.In the left panel of the Active Director Users and Computers window, right-click the OU or CN in which you want HCP computer accounts to be created and select Properties from the dropdown menu.
The Properties window opens.
2.Click the Security tab.
3.On the Security tab, click the Advanced button.
The Advanced Security Settings window opens.
4.Click the Add button.
The Permission Entry for HCP window opens.
5.Click the Select a Principle link.
The Select User, Computer, Service Account, or Group window opens.
6.In the Enter object name to select field, type the name of the AD group you created in the previous step, or type Domain Computers if you decided not to create an AD group for HCP management in the previous step. Then click the OK button.
The Permission Entry window opens.
7.In the Permission Entry window:
oIn the Apply to field, select Descendant Computer objects.
oUnder Permissions, select the boxes in the Allow column for:
Read all properties
Write all properties
Delete
Change password
Reset password
Then click the OK button.
Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
New version of AD
Old version of AD
8.In the Advanced Settings window, click the Add button again.
The Select User, Computer, Service Account, or Group window opens.
9.In the Enter object name to select field, type the name of your AD group, or type Domain Computers if you decided not to create an AD group for HCP management in the previous step. Then click the OK button.
The Permission Entry window opens.
10.In the Permission Entry window:
oIn the Apply to field, select This object and all descendant objects.
oUnder Permissions, select the boxes in the Allow column for:
Create Computer objects
Delete Computer objects
Then click the OK button.
Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
New version of AD
Old version of AD
11.In the Advanced Security Settings window, click the OK button to close the window.
12.In the Properties window, click the OK button to close the window.
© 2015, 2020 Hitachi Vantara LLC. All rights reserved.