“Cannot retry downlevel, specifying OU is not supported” when trying to join a machine to a Domain specifying a OU during a Task Sequence.
I have a Task Sequence part of which is meant to join a Windows 7/ Windows Server 2008 R2 computer to my Windows 2003 Domain in a specified Organizational Unit (OU).
However, the Task Sequence is failing and I see the following in the netsetup.log:
NetpMapGetLdapExtendedError: Parsed [0x2098] from server extended error string: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
NetpProvisionComputerAccount: LDAP creation failed: 0x5
NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
ldap_unbind status: 0x0
NetpJoinDomainOnDs: Function exits with status of: 0x5
NetpJoinDomainOnDs: status of disconnecting from ‘\\.’: 0x0
NetpDoDomainJoin: status: 0x5
I’ve tried manually adding the computer to the Domain using the ConfigMgr Domain Join account and this is what I get:
NetpMapGetLdapExtendedError: Parsed [0x2098] from server extended error string: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
NetpProvisionComputerAccount: LDAP creation failed: 0x5
NetpProvisionComputerAccount: Retrying downlevel per options
NetpManageMachineAccountWithSid: NetUserAdd on ‘.’ for ‘$’ failed: 0x8b0
NetpManageMachineAccountWithSid: status of attempting to set password on ‘.’ for ‘$’: 0x0
This content is restricted to subscribers