Solved

Unable to re-add laptops to domain

Posted on 2013-05-14
Last Modified: 2013-05-19
Hi,


I have a whole bunch of laptops which are currently being re-imaged at the moment. Once this process is complete, the next step is to add them to the domain using a temporary account to which I have delegated access to join machines to the domain, but I am getting an error message:

“The join operation was not successful. This could be because an existing computer having name “XXXXXXX” was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting account. The error was: Access is denied”

The laptop accounts are still in their respective OUs, and I have deleted one of the computer objects from the domain, assuming that it conflicts with the same laptop name which associates to a unique SID, but unfortunately I still get the same issue.

I have no issue re-joining the laptop to the domain if I use my own account which has Domain Admin rights.

I delegated the following permissions:

 - Create selected objects in this folder and Delete selected objects in this folder
 - Reset Password
 - Read and write Account Restrictions
 - Validated write to DNS host name
 - Validated write to service principal name

Essentially, I want to give this account the very minimal amount of permissions to simply re-add these computer accounts to the domain.


Any help would be greatly appreciated.
Question by:dcirona86
Accepted Solution

by:
Nagendra Pratap Singh earned 2000 total points
ID: 39167068
The full list would be:

 - Create Computer Objects
 - Delete Computer Objects
 - Read All Properties
 - Write All Properties
 - Read Permissions
 - Modify Permissions
 - Change Password
 - Reset Password
 - Validated write to DNS host name
 - Validated write to service principal name

http://jonconwayuk.wordpress.com/2011/10/20/minimum-permissions-required-for-account-to-join-workstations-to-the-domain-during-deployment/
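
An added example (not part of the thread or the linked post): a read-only PowerShell check that lists what the join account is actually granted on the OU and which child object class each entry applies to, so the result can be compared with the two permission lists above. It also flags entries such as Modify Permissions or Write All Properties, which reach further than the narrower set the question asks for. The OU distinguished name and account name are placeholders, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example: read-only audit of a domain-join account's ACEs on an OU.
# Assumptions (not from the thread): $OuDn and $Account are placeholders.
Import-Module ActiveDirectory

$OuDn    = 'OU=Laptops,DC=example,DC=com'   # placeholder OU
$Account = 'EXAMPLE\svc-domainjoin'          # placeholder join account

# Schema and control-access GUIDs for the rights named in the thread.
$GuidNames = @{
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'Computer (object class)'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'Change Password'
    '4c164200-20c0-11d0-a768-00aa006e0529' = 'Account Restrictions'
    '72e39547-7b18-11d1-adef-00c04fd8d5cd' = 'Validated write to DNS host name'
    'f3a64788-5306-11d1-a9c5-0000f80367c1' = 'Validated write to service principal name'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}

function Resolve-GuidName([guid]$Guid) {
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { $GuidNames[$key] } else { $key }
}

# Rights that go well beyond joining a machine: WriteDacl is "Modify Permissions".
$BroadMask = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner, GenericAll'
$WriteProp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    ForEach-Object {
        $rights   = $_.ActiveDirectoryRights
        # WriteProperty with an empty object GUID is "Write All Properties".
        $writeAll = ([int]($rights -band $WriteProp) -ne 0) -and ($_.ObjectType -eq [guid]::Empty)
        [pscustomobject]@{
            Type       = $_.AccessControlType
            Rights     = $rights
            Object     = Resolve-GuidName $_.ObjectType
            AppliesTo  = $_.InheritanceType          # None, All, Descendents, ...
            ChildClass = Resolve-GuidName $_.InheritedObjectType
            Inherited  = $_.IsInherited
            Broad      = ([int]($rights -band $BroadMask) -ne 0) -or $writeAll
        }
    } | Format-Table -AutoSize
```

The script only reads the ACL. The `AppliesTo` and `ChildClass` columns show whether an entry covers the OU itself or existing computer objects beneath it.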