Continuing the series on domain join failures from https://chentiangemalc.wordpress.com/2012/09/08/case-of-the-domain-join-failure-iiobject-already-exists/
A Windows 10 device had been joined to the domain, then removed from it. The computer account in AD had been deleted and recreated. However, attempting to manually join the domain failed.
The most useful error message came from using the legacy Control Panel’s System Properties Network ID… button to join the computer to the domain. This provided a more detailed error than the new Windows 10 "Rename your PC or join a domain" option in System Settings.
In attempting to join the au.my.internal domain we got an error referencing the old NetBIOS domain name MYDOMAIN. This was no longer accessible as WINS servers had been decommissioned. Note: During the domain join process we made no reference to the old NetBIOS name.
The domain name “MYDOMAIN” might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “MYDOMAIN”:
The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.MYDOMAIN
Common causes of this error include the following:
– The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
– One or more of the following zones do not include delegation to its child zone:
. (the root zone)
Unfortunately, attempting a packet capture using netsh trace start capture=yes report=yes failed to capture any network traffic, so I installed Wireshark and by filtering on dns found the following SRV records were requested:
All were successful except those containing MYDOMAIN.
Why was Windows attempting to use the NetBIOS name? I have no idea at this point. However, we did join the domain successfully using the Windows 10 built-in offline domain join command, djoin.
From an elevated cmd prompt I ran the following:
runas /user:au.my.internal\chentiangemalc /netonly cmd.exe
And provided the password as required. This allowed us to launch a cmd line with domain credentials for network purposes, without having to be joined to the domain.
To provision the machine onto the domain:
djoin /PROVISION /DOMAIN au.my.internal /MACHINE %COMPUTERNAME% /REUSE /SAVEFILE C:\support\djoin
(Using /REUSE because the computer account had been precreated)
Finally, the command to actually join the machine to the domain:
djoin /REQUESTODJ /LOADFILE C:\support\djoin /WINDOWSPATH %WINDIR% /LOCALOS
After a reboot the djoin command had been successful in joining the machine to the domain…when all the Windows in-built GUI options had failed. Yet another reason to be familiar with the CLI…
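The SRV lookup seen in the packet capture and the two djoin steps above, combined into one PowerShell script. This is an added example, not part of the original post. It assumes an elevated PowerShell session started from the runas /netonly prompt and that djoin returns a non-zero exit code on failure; Test-DcLocatorSrv is a hypothetical helper name, and the domain, NetBIOS name and blob path are the ones used above.

```powershell
# Added example: check the DC locator SRV records, then perform the offline join.
param(
    [string]$DnsDomain   = 'au.my.internal',
    [string]$NetbiosName = 'MYDOMAIN',          # queried only to reproduce the failing lookup
    [string]$BlobPath    = 'C:\support\djoin'
)

# Hypothetical helper: query _ldap._tcp.dc._msdcs.<domain> over DNS only
# (no LLMNR/NetBIOS fallback) and report whether any SRV answers came back.
function Test-DcLocatorSrv {
    param([string]$Domain)
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{ Query = $name; Found = [bool]$srv
                           Detail = ($srv.NameTarget -join ', ') }
    } catch {
        [pscustomobject]@{ Query = $name; Found = $false
                           Detail = $_.Exception.Message }
    }
}

$results = @($DnsDomain, $NetbiosName | ForEach-Object { Test-DcLocatorSrv $_ })
$results | Format-Table -AutoSize | Out-Host

# The NetBIOS-name lookup is expected to fail here; only the DNS domain must resolve.
if (-not $results[0].Found) {
    throw "No DC SRV records for $DnsDomain; fix DNS before attempting the join."
}

# Provision against the pre-created computer account (/REUSE resets its password).
& djoin.exe /PROVISION /DOMAIN $DnsDomain /MACHINE $env:COMPUTERNAME /REUSE /SAVEFILE $BlobPath
if ($LASTEXITCODE -ne 0) { throw "djoin /PROVISION failed (exit code $LASTEXITCODE)" }

try {
    # Apply the blob to the running OS.
    & djoin.exe /REQUESTODJ /LOADFILE $BlobPath /WINDOWSPATH $env:WINDIR /LOCALOS
    if ($LASTEXITCODE -ne 0) { throw "djoin /REQUESTODJ failed (exit code $LASTEXITCODE)" }
} finally {
    # The blob contains the machine account password; do not leave it on disk.
    Remove-Item -LiteralPath $BlobPath -Force -ErrorAction SilentlyContinue
}
Write-Host 'Offline join applied; reboot to complete the domain join.'
```

Removing the provisioning file in the finally block matters because anyone who can read it obtains the computer account's credentials.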