LW_ERROR_LDAP_ALREADY_EXISTS

Error

When using AD Bridge and running /opt/pbis/bin/domainjoin-cli join <arguments> to join a Linux or Unix system to the domain, the following error is returned:

/opt/pbis/bin/domainjoin-cli join --ou "MyOU/OU" mydomain.com myadminuser
Joining to AD Domain: mydomain.com
With Computer DNS Name: mycomputer.mydomain.com
myadminuser@mydomain.COM's password:
Error: LW_ERROR_LDAP_ALREADY_EXISTS

Cause

This error is typically encountered while attempting to re-join an existing computer to the domain.

The computer object for this computer still exists in Active Directory (AD), and the admin account you are using to run the domain join command does not have permission to modify computer objects in the domain.

Resolution

This can be resolved in either of two ways: remove the existing computer object from AD, using Active Directory Users and Computers with an account that has permission to delete computer objects, or give the account used for the join modify permissions in the domain.
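
To confirm the cause before choosing a resolution, the PowerShell below looks up the existing computer object and lists who holds write or delete rights on it. It is an added example, not part of the original article or of AD Bridge. It assumes a Windows management host with the ActiveDirectory (RSAT) module, and the host name is a placeholder taken from the sample output above.

```powershell
# Added example: inspect the existing computer object behind LW_ERROR_LDAP_ALREADY_EXISTS.
# Assumes the ActiveDirectory RSAT module; $ComputerName is a placeholder.
Import-Module ActiveDirectory

$ComputerName = 'mycomputer'   # short host name shown in "With Computer DNS Name"

# -Filter returns nothing (instead of throwing) when no object matches.
$computer = Get-ADComputer -Filter "Name -eq '$ComputerName'" `
    -Properties whenCreated, whenChanged, PasswordLastSet

if (-not $computer) {
    Write-Output "No computer object named '$ComputerName' was found; the error has a different cause."
    return
}

# Where the object lives and how old it is. A join with --ou pointing at a
# different OU than DistinguishedName still collides with this object.
$computer | Format-List DistinguishedName, Enabled, whenCreated, whenChanged, PasswordLastSet

# Allow entries on the object that grant write or delete rights.
# Compare the identities listed here with the join account and the groups it belongs to.
$acl = Get-Acl -Path ("AD:\" + $computer.DistinguishedName)
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        "$($_.ActiveDirectoryRights)" -match 'GenericAll|GenericWrite|WriteProperty|Delete'
    } |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize

# First resolution option from the article, run as an account allowed to
# delete computer objects. Left commented out; -Confirm prompts before deleting.
# Remove-ADComputer -Identity $computer -Confirm
```

If the join account appears in the listing only through inherited entries, the `IsInherited` column shows that the rights come from the parent OU or domain rather than from the object itself.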