This attribute is an attribute of the domainDNS object.

Fire up ADSIEdit.msc and pull up the properties for the
DC=domain-name,DC=com under the Domain NC icon and choose properties. Set
the value of ms-DS-MachineAccountQuota to a value higher than 10.

Or save the following as an .ldf file and import using LDIFDE:

dn: dc=domain-name,dc=com
changetype: modify
replace: ms-DS-MachineAccountQuota
ms-DS-MachineAccountQuota: 100
-

Out of sheer curiosity, is there a reason the computer accounts can't be
pre-created? If the account already exists, this limitation does not apply.


"Limit Computers Join to a Domain"

I guess my question is, why do you want just anyone to be able to add
computers to the domain? Also, do you want them to add computers to a
specific OU or do you just want to add them to the Computers container?


If you want the computers added to a specific OU, the recommendation
GeeB states is very good....create the computer account through the AD
Users and Computers snapin and then join the computer to the domain.

I have typically stated this in designs I have performed:

*** Computer Accounts should always be created first using the Active
Directory Users and Computers Snap-In. Applying this method will avoid
reaching the default maximum count of 10 computer accounts able to join
a domain per divisional network or desktop administrator.

*** When the computer account is joined to the domain locally from the
machine, the default maximum will be reached not allowing the
divisional administrator to be able to add more machines to the domain.
Also by doing this, the computer accounts are not added to their
correspondent division but the general Computers container of AD.

Of course, it is also assumed that you have granted the appropriate
group the proper permissions to manage the computer objects on the
respective OUs. This is accomplished through the Delegation
Wizard....(right click on the appropriate OU and run through the
Delegation Wizard).

Regards,

Patty