Task sequence fails to rejoin a computer to the domain
Hello,

We have a service account that is supposed to add computers to our domain during OSD. It works fine with machines that are not currently on the domain (or have been deleted from AD prior to running the task sequence), but it fails on computers that are currently on the domain.

So far the only suspicious thing I've found in netsetup.log is:

06/16/2011 17:45:06:996 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-031A1169, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Currently the service account has Create computer objects and Read/write all properties rights to the root OU and it is inherited to all sub-OUs. Do you think this issue is related to the rights delegated for the service account?

Thanks in advance!
June 22nd, 2011 9:30pm

Hi,

If you are going to re-join the domain you also need delete computer permissions. Here is a post from Stefan which describes what permissions are needed: http://www.msfaq.se/2009/12/creating-a-domain-join-account/

Regards,
Jörgen
-- My System Center blog ccmexec.com --
June 22nd, 2011 10:04pm

Thanks! This was my suspicion, but I wanted a second opinion before contacting our AD admins.
June 22nd, 2011 10:19pm
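
As a triage aid for the netsetup.log entry quoted in the question, this added example (not part of the original thread) pulls the fields out of NetpMapGetLdapExtendedError lines and keeps the ones that report insufficient rights. The function names and the second sample line are constructed for illustration, and the field layout is assumed from the single quoted line.

```python
import re

# Constructed sample input: the first line is the entry quoted in the question;
# the second is a made-up neighbouring line that the parser should skip.
SAMPLE_LOG = (
    "06/16/2011 17:45:06:996 NetpMapGetLdapExtendedError: Parsed [0x5] from server "
    "extended error string: 00000005: SecErr: DSID-031A1169, problem 4003 "
    "(INSUFF_ACCESS_RIGHTS), data 0\n"
    "06/16/2011 17:45:07:010 NetpDoDomainJoin: status: 0x5\n"
)

# Field layout taken from the quoted line; other variants of this entry are not handled.
LDAP_ERR = re.compile(
    r"^(?P<timestamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"NetpMapGetLdapExtendedError: Parsed \[0x(?P<win32>[0-9A-Fa-f]+)\] "
    r"from server extended error string: (?P<ldap_code>[0-9A-Fa-f]{8}): "
    r"(?P<error_class>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\d+)"
)

ERROR_ACCESS_DENIED = 5  # Win32 error code 5


def parse_ldap_errors(text):
    """Return one dict per NetpMapGetLdapExtendedError entry found in text."""
    entries = []
    for line in text.splitlines():
        m = LDAP_ERR.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["win32"] = int(entry["win32"], 16)
        entry["problem"] = int(entry["problem"])
        entries.append(entry)
    return entries


def access_denied(entries):
    """Keep entries where the directory refused the operation for lack of rights."""
    return [e for e in entries
            if e["win32"] == ERROR_ACCESS_DENIED or e["name"] == "INSUFF_ACCESS_RIGHTS"]


if __name__ == "__main__":
    for e in access_denied(parse_ldap_errors(SAMPLE_LOG)):
        print(e["timestamp"], e["dsid"], e["problem"], e["name"])
```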
