Join Domain using modify configuration

Anyone???

I've had a similar problem in the past.  I know this article is about Win2000 domains, but it pertained to me.  Give it a shot.

http://support.microsoft.com/kb/251335/EN-US/

Unfortunetly this doesn't help. The user we use have permissions to ad unlimitid amounts of computers to the domain. We can still join Windows 2003 servers to the domain without problems. So basicly I don't think it is a limitation for the user account we use, to me it apears that it is a problem regarding adding Windows 2008 servers to the domain.

I hat this error also.
If you add the windows 2008 without gicing it an OU it works great. If you want to place it in a OU it fails with the same error you descibe.
I solved it by upgrading to a Windows 2008 domain controlelr that adds a specific security box inside the SAM that win 2008 needs.

Erikw, so what you are saying is that I have to have a Windows 2008 DC in my domain? Do I have to do anything else in my AD or will it work with my current 2003 DC's if I just add the 2008 DC?

/mlogan

add 2008 DC to your domain... adding 2008 DC will change your domain/forest  schema so you should be aware  to that.

i found that:
*******************************************************
The computer account for Cluster resource 'SQL Network Name (WZTEST)' in domain our.domain.com could not be created for the following reason: Unable to create computer account.

The text for the associated error code is: Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

The Cluster Service Account may lack the proper access rights to Active Directory. The domain administrator should be contacted to assist with resolving this issue.

I googled this and there is lots to look through, and specifically I was suspicious of there being a problem with the cluster service account. The only rights an account needs to have by default in Active Directory to add computer accounts to the domain is to be part of the group ‘Authenticated Users’, which this account was. I tried putting it into ‘Domain Admins’ temporarily (and yes I did remember to remove it afterwards!). The Network Name still wouldn’t come online, but after I installed the instance into the second node and joined that to the cluster, it just started working okay. Mysterious, but I wasn’t complaining.....
**********************************************

i think that finding the right mix of permissions should do the job.

Well I ended up finding a work around as adding a 2008 DC is not posible.

• For w2008 servers we run a vbs on the DS that creates a computer account in the OU we want.
• Then another vbs runs a wait 15 minutes on the client.
• Then the modify configuration that simply adds the server to the domain. Since the computer account allready exists the server will end up in the right OU.

Of course the create computer account is done using replace tokens :)