This is a quick post to describe the process of creating a dedicated account for joining machines to an Active Directory (AD) domain. This is useful for things like System Center Configuration Manger task sequences and System Center Virtual Machine Manager templates.
First create a standard Windows user account. Next, right-click on the Computers Organisation Unit (OU) within your AD domain. From the menu choose Delegate Control…
On the next screen (Users or Groups) choose Add and select the user account you just created. Click Next. Choose “Create a custom task to delegate” on the next screen.
Next, choose to only delegate control to computer objects and tick Create and Delete selected objects in this folder. Click Next.
On the next screen choose to show general permissions and from the list select:
- Reset password
- Read and write account restrictions
- Validated write to DNS host name
- Validated write to service principal name
Click Next and finish to complete the wizard. Repeat this process for any other OUs where you’ll be joining computers to the domain.
Richard Skinner 
Pingback: Quick and easy way to create a Domain Join Account | NizMoTek IT Solutions
Pingback: Permisos para añadir Computadoras al Dominio