I want to allow only specific user accounts to add computer do a domain
(role Create_Computer).
For this purpose, i have the rule "Include members of group PC_Admins
that are Users). Well, no problem there.

I would also allow the same assistant admin group (named PC_Admins) to
manage the computers. I want them to allow modify the ManagedBy
It should select another group of users (not the first one mentioned

So i created 2 Active Views
1) AV_Create Computer
- Exclude users matching ?????## in any OU in any domain
- Include members of group PC_Admins
- Include OU L0 (thats the only OU i want to create new computers)
Ok, AV worked, when creating a computer it is allowed only pick the
members of PC_Admins group to allow them join the computer to a domain

2) AV_Manage Computers
- Include OU L0
- Include users matching ?????## in any OU in any domain

Both AVs are linked to AA PC_Admins assistant admin group.
By creating the second AV, it overrides the first one and it is allowed
to pick normal user account to join the computer to a domain.

Shortly> Create computer => use only accounts listed in PC_Admins group,
others should not be listed; Manage computer => list all accounts
(matching specific wildcard) except PC_Admins group

Is it possible?

Meky's Profile: https://forums.netiq.com/member.php?userid=6696
View this thread: https://forums.netiq.com/showthread.php?t=49807