• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2369
  • Last Modified:

Unable to re-add laptops to domain

Hi,


I have a whole bunch of laptops which are currently being re-imaged at the moment. Once this process is complete the next step is to add them to the domain using a temporary account which I have delegated access to join machines to the domain but I am getting an error message:

“The Join Operation was not successfully. This could be because an existing computer having name “XXXXXXX” was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting account. To the error was Access is denied”

The laptop accounts are still in their respective OUs and I have deleted one of the computer objects from the domain assuming that it conflicts with the same laptop name which associates to a unique SID but unfortunately I still get the same issue.

I have no issue re-joining the laptop to the domain if I use my own account which has Domain Admin rights.

I delegated the following permissions:

 - Create selected objects in this folder and Delete selected objects in this folder.
 -  Reset Password
 -  Read and write Account Restrictions
 -   Validated write to DNS host name
 -  Validated write to service principal name

Essentially I want to give this account the very minimal amount of permissions to simply re-add these computer accounts to the domain


Any help would be greatly appreciated
0
dcirona86
Asked:
dcirona86
1 Solution
 
Nagendra Pratap SinghCommented:
The full list would be
   
Create Computer Objects
    Delete Computer Objects

    Read All Properties
    Write All Properties
    Read Permissions
    Modify Permissions
    Change Password
    Reset Password
    Validated write to DNS host name
    Validated write to service principle name

http://jonconwayuk.wordpress.com/2011/10/20/minimum-permissions-required-for-account-to-join-workstations-to-the-domain-during-deployment/
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now