Can I create a specific “join user” to be able to join client into the domain?
Can this be done without the “join user” being a domain administrator?
According to our documentation any user being a member in the two groups “Domain Administrators” and “DC Backup Hosts” is able to join a computer to the domain.
You might add the missing group via UMC (webfrontend) or in terminal via
root@ucs:~# udm users/user modify --dn "<USER-DN>" \ --append "groups=cn=DC Backup Hosts,cn=groups,$(ucr get ldap/base)"
It is not possible to create a user being able to join without having administrator privileges.
A “join user” has to be member of the domain administrator group thus always having administrative rights ins the domain.