LW_ERROR_LDAP_CONSTRAINT_VIOLATION

Error

When attempting to join a domain, the following is returned:

LW_ERROR_LDAP_CONSTRAINT_VIOLATION 

In the following example, user2 does not have the correct permissions in Active Directory (AD).

[root@host1 bin]$ ./domainjoin-cli --loglevel debug --logfile /tmp/join.log join --ou 'My OU' example.com user2
Joining to AD Domain: example.com
With Computer DNS Name: host1.example.com
User2@EXAMPLE.COM's password:
Error: LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]

Cause

This issue typically occurs because the user specified to join the computer to the Active Directory domain does not have the permissions required to add and modify computer objects.

Resolution

To correct this issue, verify the user has the correct permissions to add and modify computer objects, or use an account such as Administrator.

Even if an object for the computer pre-exists in AD, the administrator account used to join to the domain must have access to modify objects as certain attributes must be modified on join.