Monday, June 6, 2011

Allow an ordinary user to add a computer to a domain

Method 1: Assign rights using the Default Domain Group policy

1. Open the Default Domain Group policy.

2. Navigate through Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

3. Expand User Rights Assignment.

4. Double-click Add workstations to domain.

5. Check the Define these policy settings box.

6. Press the Add User or Group button.

7. Complete the dialog to add the user or group.

8. Press Apply, and then press OK.

Method 2: Grant the "Create Computer Objects" and "Delete Computer Objects" Access Control Entries (ACEs) to the User

  1. From the Active Directory Users and Computers snap-in, click Advanced Features on the View menu so that the Security tab is exposed when you click Properties.
  2. Right-click the Computers container, and then click Properties.
  3. On the Security tab, click Advanced.
  4. On the Permissions tab, click Authenticated Users, and then click View/Edit.
     NOTE: If the Authenticated Users group is not listed, click Add and add it to the list of permission entries.
  5. Make sure the This object and all child objects option is displayed in the Apply onto box.
  6. From the Permissions box, click to select the Allow check box next to the Create Computer Objects and Delete Computer Objects ACEs, and then click OK.
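
To review what Method 2 leaves behind, the following added example (not part of the original post) lists every Allow ACE that grants create or delete rights for computer objects. The function name Find-ComputerObjectAce and the sample ACEs are constructed for illustration; the live-domain lines in the closing comment assume the RSAT ActiveDirectory module is installed.

```powershell
# Added example: report who may create or delete computer objects in a container.
Add-Type -AssemblyName System.DirectoryServices

# schemaIDGUID of the "computer" class. An all-zero ObjectType means "any child class".
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

function Find-ComputerObjectAce {
    param([Parameter(Mandatory)] $AccessRules)
    $wanted = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
    foreach ($ace in $AccessRules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Keep only the create/delete-child bits (GenericAll contains both).
        $hit = [int]$ace.ActiveDirectoryRights -band $wanted
        if ($hit -eq 0) { continue }
        # Skip ACEs scoped to some other object class.
        if ($ace.ObjectType -ne $ComputerClass -and $ace.ObjectType -ne [guid]::Empty) { continue }
        [pscustomobject]@{
            Identity    = $ace.IdentityReference.Value
            Rights      = [System.DirectoryServices.ActiveDirectoryRights]$hit
            Inheritance = $ace.InheritanceType   # 'All' = This object and all child objects
            Inherited   = $ace.IsInherited
        }
    }
}

# Constructed sample: the two ACEs from step 6 (S-1-5-11 = Authenticated Users).
$authUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'
$sample = 'CreateChild', 'DeleteChild' | ForEach-Object {
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
        $authUsers,
        [System.DirectoryServices.ActiveDirectoryRights]$_,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $ComputerClass,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
}
Find-ComputerObjectAce -AccessRules $sample | Format-Table -AutoSize

# Against a live domain:
#   Import-Module ActiveDirectory
#   $dn = (Get-ADDomain).ComputersContainer
#   Find-ComputerObjectAce -AccessRules (Get-Acl -Path "AD:\$dn").Access
```

Rows whose Identity is a broad principal such as S-1-5-11 or Authenticated Users are the ones to compare against who is actually meant to join machines.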

