Announcement

Collapse
No announcement yet.

Unable to join computer accounts

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to join computer accounts

    Hi,

    We were using one user account having domain join permission to join our computer accounts in AD. But from today, we are getting error like "you have exceeded the maximum number of computer accounts you are allowed to create in this domain". Plz help.

    Regards,
    Anishk

  • #2
    Re: Unable to join computer accounts

    Domain Admins can join unlimited computers to the domain.
    Non-admins can only join up to (IIRC) 10, so you have hit this limit.

    It can be changed in Group Policy, so you will need to change to a higher limit, make sure the policy is replicated and applied and then normal service should resume.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Unable to join computer accounts

      Hi,

      We have joined more than 1000 computer accounts using this. The problem started all of a sudden today. The user is a member of local admin and has been assigned the permission of joining computer accounts to domain.

      Regards,
      Anishk


      Originally posted by Ossian View Post
      Domain Admins can join unlimited computers to the domain.
      Non-admins can only join up to (IIRC) 10, so you have hit this limit.

      It can be changed in Group Policy, so you will need to change to a higher limit, make sure the policy is replicated and applied and then normal service should resume.

      Comment


      • #4
        Re: Unable to join computer accounts

        you can use ADSIedit and see what the value for "ms-DS-MachineAccountQuota" is. that will tell you what your limit is or has been changed to.

        its a possibility that someone just added a couple zeros to the default and never thought you would ever join that many. sometime people admins forget that there are instances where computers must be joined and disjoined and rejoined and yada yada...

        another thing is that sometimes people will use that delegation and never know, then that account is used with a WDS image and after you image 10 computers the rest will fail... we dont understand, it worked at first and now they never join or get the software packages??

        you will need appropriate permissions to use ADSIedit to look at and change the "ms-DS-MachineAccountQuota" value.
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...

        Comment

        Working...
        X