Solved

Unable to re-add laptops to domain

Posted on 2013-05-14
1
1,979 Views
Last Modified: 2013-05-19
Hi,


I have a whole bunch of laptops which are currently being re-imaged at the moment. Once this process is complete the next step is to add them to the domain using a temporary account which I have delegated access to join machines to the domain but I am getting an error message:

“The Join Operation was not successfully. This could be because an existing computer having name “XXXXXXX” was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting account. To the error was Access is denied”

The laptop accounts are still in their respective OUs and I have deleted one of the computer objects from the domain assuming that it conflicts with the same laptop name which associates to a unique SID but unfortunately I still get the same issue.

I have no issue re-joining the laptop to the domain if I use my own account which has Domain Admin rights.

I delegated the following permissions:

 - Create selected objects in this folder and Delete selected objects in this folder.
 -  Reset Password
 -  Read and write Account Restrictions
 -   Validated write to DNS host name
 -  Validated write to service principal name

Essentially I want to give this account the very minimal amount of permissions to simply re-add these computer accounts to the domain


Any help would be greatly appreciated
0
Comment
Question by:dcirona86
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
Nagendra Pratap Singh earned 500 total points
ID: 39167068
The full list would be
   
Create Computer Objects
    Delete Computer Objects

    Read All Properties
    Write All Properties
    Read Permissions
    Modify Permissions
    Change Password
    Reset Password
    Validated write to DNS host name
    Validated write to service principle name

http://jonconwayuk.wordpress.com/2011/10/20/minimum-permissions-required-for-account-to-join-workstations-to-the-domain-during-deployment/
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question