Most of you know the limit of 10 times authenticated users can join machines to a domain. Upping the limit, or removing it is a very simple thing to do, however everytime someone asks me, I have to go back to look it up again. At least if I have it on my own blog, I’ll know where to start looking next time.
The Active Directory attribute you need to change is mS-DS-MachineAccountQuota which is a property of the domain object. Here’s the steps to change it:
- Start ADSI Edit (start/run/adsiedit.msc)
- Expand out the Domain node, right click on DC=<yourdomain>,DC=com and select properties
- Scan down to ms-DS-MachineAccountQuota
- Modify the value as appropriate, or clear the value to remove the limit entirely.