question

CptRetro-6424 avatar image
0 Votes"
CptRetro-6424 asked CptRetro-6424 answered

Domain Join with PowerShell fails

Hello,

in my lab environment I set up the Microsoft Deployment Toolkit and create and import an application which is basically a powershell script to join the machine to the domain. The task sequence just contains the installation of windows server 2019 and the domain join script. When it comes to the execution of that script this error appears:

Add-Computer : Computer 'TEST-MACHINE' failed to join domain 'LAB.lcl' from its current workgroup
'WORKGROUP' with following error message: Multiple connections to a server or shared resource by
the same user, using more than one user name, are not allowed. Disconnect all previous
connections to the server or shared resource and try again.
At \\SRVDC01.LAB.lcl\DeploymentShare$\Applications\APP_Join-Domain\Join.ps1:258 char:41
+ ... Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (SRVINFRA01:String) [Add-Computer], InvalidOperat
ionException
+ FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComp
uterCommand


Thats the code:

 <LAB>
     <Config Active = "True" >
         <Accounts>
             <DomainMembership UserName = "LAB\ACC_DomainAction" Password = "UGEkJHcwcmQ=" /> #its just Pa$$w0rd
         </Accounts>
     </Config>
     <App TaskName = "LAB" Active = "True" >
         <Task Name = "DomainMembership" Active = "True" Order = "0" Action = "Join" Domain = "LAB.lcl" />
     </App>
 </LAB>
 '@
    
 $DAUserName = $($Global:TaskXML.LAB.Config.Accounts.DomainMembership.Username) 
 $DAPassword = LAB-Decode-Password -EncPassword $($Global:TaskXML.LAB.Config.Accounts.DomainMembership.Password)
 $DACred = New-Object System.Management.Automation.PSCredential -ArgumentList @($DAUserName,(ConvertTo-SecureString -String $DAPassword -AsPlainText -Force))
    
 If($ActiveTask.Action -eq "Join"){
     If((Get-module ActiveDirectory).Name -eq 'ActiveDirectory'){
         Write-Host "PS module ActiveDirectory already imported" -BackgroundColor Green -ForegroundColor Black
     }Else{
         Import-Module ActiveDirectory
         Write-Host "PS module ActiveDirectory imported" -BackgroundColor Green -ForegroundColor Black
     }
    
     net stop server  #A hint from the internet
     net start server #A hint from the internet
     Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainName $ActiveTask.Domain -Credential $DACred -Force -PassThru -Verbose
 }


I also try net stop and start the server service without any effect.

Any idea how to solve this issue?


Cheers


windows-server-powershell
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

CptRetro-6424 avatar image
0 Votes"
CptRetro-6424 answered

One more thing that I noticed is that I use netdom join with credentials it fails again with the same error message. But my installation user that I use to run MDT has also domain join permissions. Therefore I remove the UserD and PAsswordD part of my netdom command and it works. However, it is not the solution that I prefer but it works.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CptRetro-6424 avatar image
0 Votes"
CptRetro-6424 answered

Maybe I'm on the wrong track and the problem is in the number of (TCP) connections. Can this be the case?

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.