Problem joining computer to domain in SCCM OSD TS

In an SCCM OSD Task Sequence i had put in the step to join the computer to a domain, using a low-priviliged account.
This special serviceaccount had been granted the right to join computers to the domain, by using the Delation of Control wizard in ADUC. (Active Directory Users and Computers)
This worked fine the first time the computer was imaged.

The second time during imaging however, the domainjoining step failed.

When i tried to manually join the system to the domain afterwards, using the credentials of the serviceaccount, i got an “Access is denied” error.

So a little googling turned up with this KB arcticle, which mentioned exactly this problem.

It turns out that when you use the standard Delegation of Control wizard to grant someone the right to join computers to the domain, this does not include the resetting of the computer password, which is exactly what is done when you re-install a computer that was already joined to a domain.
By following the steps in the KB article and granting additional rights to the account, everything worked fine.

Advertisements

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: