Computer not joined to domain after imaging completes
search cancel

Computer not joined to domain after imaging completes

book

Article ID: 268681

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

Successfully able to upload an image as well as download and installing the image.  We are facing an issue of joining the computer to the domain.

Microsoft's netsetup.log file is a valuable resource when you troubleshoot a domain join issue. The netsetup.log file is located at C:\Windows\Debug\netsetup.log per the following KB:

Active Directory domain join troubleshooting guidance

In this case the netsetup.log file contained the following entries and the 0x8ac error is generally a permissions issue:

06/22/2023 10:11:06:549 IsLegacyAccountReuseSetInRegistry: RegQueryValueEx for 'NetJoinLegacyAccountReuse' returned Status: 0x2. 
06/22/2023 10:11:06:549 IsLegacyAccountReuseSetInRegistry returning: 'FALSE''.
06/22/2023 10:11:06:565 NetpCheckIfAccountShouldBeReused: Failed to NetpLsaLookupSidFromName. NetStatus: 8ac
06/22/2023 10:11:06:565 NetpCheckIfAccountShouldBeReused:fReuseAllowed: FALSE, NetStatus:0x8ac
06/22/2023 10:11:06:565 NetpModifyComputerObjectInDs: Failed to check if account can be re-used. Error: 0x8ac 
06/22/2023 10:11:06:565 NetpProvisionComputerAccount: LDAP creation failed: 0x8ac
06/22/2023 10:11:06:565 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
06/22/2023 10:11:06:565 ldap_unbind status: 0x0
06/22/2023 10:11:06:565 NetpJoinCreatePackagePart: status:0x8ac.
06/22/2023 10:11:06:565 NetpJoinDomainOnDs: Function exits with status of: 0x8ac
06/22/2023 10:11:06:565 NetpJoinDomainOnDs: status of disconnecting from '\\adsmcs2.matrix.txstate.edu': 0x0
06/22/2023 10:11:06:565 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'matrix.txstate.edu' returned 0x0
06/22/2023 10:11:06:565 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'matrix.txstate.edu': 0x0
06/22/2023 10:11:06:565 NetpDoDomainJoin: status: 0x8ac

Environment

Ghost Solution Suite (GSS) 3.3

Resolution

Confirmed that the user account configured in the GSS Console under Tools > Security was a local admin but not a domain admin as required by Microsoft. 

Resolved by configuring the GSS Console to use a domain admin account under Tools > Security.

Additional Information

Active Directory domain join troubleshooting guidance

KB5020276—Netjoin: Domain join hardening changes

171714 How the Domain Join Process works in Ghost Solution Suite

254267 Domain joins fail after installing October 2022 windows updates

Powered by Wolken Software