Awinish's

By default, any domain users can add up to 10 machines to a domain, the reason is Every domain has a default setting for ms-DS-MachineAccountQuota value 10. You can modify this object in directory to prevent the domain user from joining the machine into domain by using ADSIedit tool to prevent this behavior.

WARNING Using Adsiedit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Adsiedit can be solved. Use Adsiedit at your own risk.

1. Install the Windows 2000/2003(2008/R2, adsiedit is pre-installed) Support tools if they have not already been installed. Run Setup.exe from the SupportTools folder on the Windows 2000/2003 Server or Professional CD-ROM.
2. Run Adsiedit.msc as an administrator of the domain. Expand the Domain NC node. This node contains an object that begins with “DC=” and reflects the correct domain name. Right-click this object and then click Properties.
3. In the Select which properties to view box, click Both. In the Select a property to view box, click ms-DS-MachineAccountQuota.
4. In the Edit Attribute box, type the number of workstations that you want users to be able to maintain concurrently.
5. Click Set, and then click OK.

Once above steps are done, if user tried to add machine new machine into domain, he will encounter below error message.

Domain Error

http://support.microsoft.com/kb/243327