Permissions on a specific OU needed to join a computer to Active Directory;
This object and all descendant object
– Create computer objects
– Delete computer objects
Descendant computer objects:
– Read all properties
– Write all properties
– Read permissions
– Modify permissions
– Change password
– Reset password
– Validate write to DNS host name
– Validate write to service principal name