LW_ERROR_LDAP_CONSTRAINT_VIOLATION

Error

When attempting to join a domain, the following is returned:

LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]

In the following example, user2 does not have the correct permissions in Active Directory (AD).

[root@host1 bin]$ ./domainjoin-cli --loglevel debug --logfile /tmp/join.log join --ou 'My OU' example.com user2
Joining to AD Domain: example.com
With Computer DNS Name: host1.example.com
User2@EXAMPLE.COM's password:
Error: LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]

Cause

The error typically occurs when the user account in the domainjoin command does not have the permissions required to add and modify computer objects.

Resolution

To correct this issue, verify the user has the correct permissions to add and modify computer objects, or use an account such as Administrator.

Even if an object for the computer pre-exists in AD, the administrator account used to join to the domain must have access to modify objects as certain attributes must be modified on join.