u/J2E1

I'm setting up a new desktop technician role in my AD environment and want to give that group the ability to manage our workstations in AD, to include, creating, moving, deleting, resetting computer objects and joining/unjoining the domain, basically anything needed for our workstations.

I created a new security group and put the account in the group. I went to the top OU where our computer objects live, and the computers container, and went through the delegation wizard. Selected the custom settings, selected computer objects, and chose full control. I verified on the OU and computer objects within, that the group has full control including Reset Password.

The admin logs in, we confirm membership of that group, and token is fresh, When attempting to reset a computer object, he gets access denied. He can move computer objects within the computer container and the assigned OUs.

I did update the Default Domain Controllers policy to allow this group "Add workstations to domain", as we had restricted that previously. Doesn't really apply in this problem, but would come up. I've also added them to allow Computer Account Re-use setting in my Domain Controllers GPO.

I feel like I'm just missing one critical component that I can't track down and haven't had any luck with finding a good article, or CoPilot, ChatGPT, or Claude getting me over the finish line. The goal is to limit entitlement so we move our desktop tech role away from being a Domain Admin. Would love any suggestions!

I have a pretty good soldering iron but I can't seem to get enough heat into this piece to melt the solder and remove the wires. Any open flame and if end up damaging something. I've converted to a all in one and really need to work on my cable management.

I feel like I've seen an awesome migration script that probably works in stages to create new groups in Entra, ensures everything looks the same regarding membership, send as, hidden, etc. Then removes them from AD and updates the display name and email addresses on the entra side.

I have both chargers, which of the 2 are better for battery health and longevity? I've heard that the CH60R00 charges faster and more efficiently, but that's not necessarily best for batteries.

I've never seen an image of what it actually looks like for the AT Hauler from SW: Solo to have AT Walkers attached before being deployed. Has there ever been such a thing?