When attempting to join a domain, the following is returned:
In the following example, user2 does not have the correct permissions in Active Directory (AD).
[root@host1 bin]$ ./domainjoin-cli --loglevel debug --logfile /tmp/join.log join --ou 'My OU' example.com user2 Joining to AD Domain: example.com With Computer DNS Name: host1.example.com User2@EXAMPLE.COM's password: Error: LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]
This issue typically occurs because the user specified to join the computer to the Active Directory domain does not have the permissions required to add and modify computer objects.
To correct this issue, verify the user has the correct permissions to add and modify computer objects, or use an account such as Administrator.
Even if an object for the computer pre-exists in AD, the administrator account used to join to the domain must have access to modify objects as certain attributes must be modified on join.