2.9.6 Failures while Joining or Unjoining a Domain

Several of the examples in this document describe domain-join tasks that are completed through a series of actions that effect the necessary state changes such that the client is joined to the domain (see section 3.1). These changes include those that are local to the client and those that occur in the domain (that is, those that create or modify a computer account object on a domain controller (DC)). In general, failure of any one particular action causes failure of the associated task. Exceptions to this principle are specified where necessary; for example, failed updates to the SNTP protocol [MS-SNTP] during join or unjoin processing are ignored.

Although unlikely, the domain-join tasks that are described in this document might fail when making local (client) state changes. Such failures can occur due to reasons such as resource starvation. The tasks do not attempt to remedy these failure conditions; the only recourse is for the task caller to re-execute the task.

When communicating with a remote machine such as a domain controller, some obvious potential failure conditions include lack of network connectivity, or insufficient security privileges to create or modify a computer account object. The domain-join tasks that are described in this document do not attempt to remedy these failure conditions; the only recourse is for the task caller to re-execute the task. When a task is re-executed, no assumptions are made about the state of a computer-account object in the domain.

All domain-join tasks that are described in this document make reasonable efforts in the face of failure to restore local client state to the original starting state. If those efforts fail, administrator intervention (outside the scope of the task) might be necessary. Similarly, if a task successfully creates or modifies a computer account object in the domain but then fails in a later step, the task makes reasonable efforts to either disable or delete the computer account object. Failure to disable or delete the computer account object in that case might require domain administrator intervention (outside the scope of the task) to apply the changes manually.
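
The failure handling described in this section, modeled as an added example (not part of the specification or of any Microsoft implementation): a non-ignorable failure aborts the task, completed actions are compensated on a best-effort basis, and compensations that themselves fail are reported for administrator follow-up. The action names, state keys and the `example.test` domain are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional

@dataclass
class Action:
    name: str
    do: Callable[[], None]
    undo: Callable[[], None]        # compensation that restores the prior state
    ignore_failure: bool = False    # e.g. the time-service update during join

@dataclass
class Result:
    joined: bool
    failed_action: Optional[str] = None
    needs_admin: List[str] = field(default_factory=list)  # compensations that failed too

def run_task(actions: List[Action]) -> Result:
    done: List[Action] = []
    for a in actions:
        try:
            a.do()
            done.append(a)
        except Exception:
            if a.ignore_failure:
                continue                      # tolerated failure, task goes on
            result = Result(joined=False, failed_action=a.name)
            for prev in reversed(done):       # best-effort restore, newest first
                try:
                    prev.undo()
                except Exception:
                    result.needs_admin.append(prev.name)
            return result
    return Result(joined=True)

def demo(fail=(), broken_undo=()):
    """Constructed scenario; action names and state keys are illustrative."""
    state = {"account": "absent", "local_domain": None, "time": None, "finalized": False}
    def act(name, key, new, old, ignore=False):
        def change(value, broken):
            if name in broken:
                raise RuntimeError(name)
            state[key] = value
        return Action(name, lambda: change(new, fail), lambda: change(old, broken_undo), ignore)
    return run_task([
        act("create_account", "account", "enabled", "disabled"),
        act("time_update", "time", "synced", None, ignore=True),
        act("set_local_state", "local_domain", "example.test", None),
        act("finalize", "finalized", True, False),
    ]), state
```

In the last case exercised by the model, `demo(fail={"finalize"}, broken_undo={"create_account"})`, the client's local state is restored but the computer account stays enabled in the domain, which is the situation that needs domain administrator cleanup.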