Problem joining computer to domain in SCCM OSD TS

October 11, 2011

In an SCCM OSD Task Sequence i had put in the step to join the computer to a domain, using a low-priviliged account.
This special serviceaccount had been granted the right to join computers to the domain, by using the Delation of Control wizard in ADUC. (Active Directory Users and Computers)
This worked fine the first time the computer was imaged.

The second time during imaging however, the domainjoining step failed.

When i tried to manually join the system to the domain afterwards, using the credentials of the serviceaccount, i got an “Access is denied” error.

So a little googling turned up with this KB arcticle, which mentioned exactly this problem.

It turns out that when you use the standard Delegation of Control wizard to grant someone the right to join computers to the domain, this does not include the resetting of the computer password, which is exactly what is done when you re-install a computer that was already joined to a domain.
By following the steps in the KB article and granting additional rights to the account, everything worked fine.