Has Anyone seen this before? I have a user who is in a group that has delegated rights to create, delete, and modify computer objects in the domain.... nobody but this guy is having issues joining machines to the domain.. when I created the computer account in the domain and set the list of who can join the machine to the domain to the delegated group he can join the computer to the domain otherwise the following shows up in the security log Object Open: Object Server: Security Account Manager Object Type: SAM_SERVER Object Name: CN=Server,CN=System,DC=xxu,DC=xx,DC=xxx,DC=com Handle ID: - Operation ID: {0,89820723} Process ID: 600 Process Name: C:\WINDOWS\system32\lsass.exe Primary User Name: SERVERDC01$ Primary Domain: WIN2K3DOM Primary Logon ID: (0x0,0x3E7) Client User Name: ANONYMOUS LOGON Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x55A5828) Accesses: MAX_ALLOWED Privileges: - Properties: --- samServer Access Mask: 0 For more information, see Help and Support Center at