Solved

active directory delegation control

Posted on 2014-03-21
2
333 Views
Last Modified: 2014-03-27
We configure active directory delegation control for particular user to join a computer to domain.
If we add a new computer to domain then it successfully join to domain. But if same computer remove form domain and rejoin again we are getting error. Please find attachment for screen shot.
Same I was doing in administrator account this computer was re- join to domain. There is something delegation issue. Please help me to resolve this issue.
Error.jpg
0
Comment
Question by:rsbgroup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39944979
Two things you need to do:

In addition to delegation, in Default domain policy GPO, grant same user \ group "add workstation to domain" user rights and then run gpupdate /force on DC, may be DC reboot is more useful.
Now you can try rejoining existing accounts, it should work
If still you face issues, try below.
When you rejoin same computer to domain again, 1st reset its existing computer account in active directory by right clicking it and click on reset computer
This will reset its existing binding by resetting its secure channel
Then hopefully you can able to rejoin same computer account again

Mahesh
0
 
LVL 5

Accepted Solution

by:
Arjun Vyavahare earned 500 total points
ID: 39944992
Hi,

Suggestion you to refer below link, which has given step by step screenshot based information along with the solution:

http://chentiangemalc.wordpress.com/2012/07/27/case-of-the-domain-join-failure/

I hope this will solve your issue.

Regards,
Arjun
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question