Unable to join computer accounts

Home Forums Microsoft Networking and Management Services Active Directory Unable to join computer accounts

This topic contains 3 replies, has 4 voices, and was last updated by Avatar kgoering 5 years, 7 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • Avatar
    Anishk
    Participant
    #164051

    Hi,

    We were using one user account having domain join permission to join our computer accounts in AD. But from today, we are getting error like “you have exceeded the maximum number of computer accounts you are allowed to create in this domain”. Plz help.

    Regards,
    Anishk

    Avatar
    Ossian
    Moderator
    #189802

    Re: Unable to join computer accounts

    Domain Admins can join unlimited computers to the domain.
    Non-admins can only join up to (IIRC) 10, so you have hit this limit.

    It can be changed in Group Policy, so you will need to change to a higher limit, make sure the policy is replicated and applied and then normal service should resume.

    Avatar
    kgoering
    Member
    #386585

    Re: Unable to join computer accounts

    Hi,

    We have joined more than 1000 computer accounts using this. The problem started all of a sudden today. The user is a member of local admin and has been assigned the permission of joining computer accounts to domain.

    Regards,
    Anishk

    Ossian;285352 wrote:
    Domain Admins can join unlimited computers to the domain.
    Non-admins can only join up to (IIRC) 10, so you have hit this limit.

    It can be changed in Group Policy, so you will need to change to a higher limit, make sure the policy is replicated and applied and then normal service should resume.

    Avatar
    James Haynes
    Member
    #252033

    Re: Unable to join computer accounts

    you can use ADSIedit and see what the value for “ms-DS-MachineAccountQuota” is. that will tell you what your limit is or has been changed to.

    its a possibility that someone just added a couple zeros to the default and never thought you would ever join that many. sometime people admins forget that there are instances where computers must be joined and disjoined and rejoined and yada yada…

    another thing is that sometimes people will use that delegation and never know, then that account is used with a WDS image and after you image 10 computers the rest will fail… we dont understand, it worked at first and now they never join or get the software packages??

    you will need appropriate permissions to use ADSIedit to look at and change the “ms-DS-MachineAccountQuota” value.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.