When attempting to join a domain, the following is returned:
LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]
In the following example, user2 does not have the correct permissions in Active Directory (AD).
[root@host1 bin]$ ./domainjoin-cli --loglevel debug --logfile /tmp/join.log join --ou 'My OU' example.com user2 Joining to AD Domain: example.com With Computer DNS Name: host1.example.com User2@EXAMPLE.COM's password: Error: LW_ERROR_LDAP_CONSTRAINT_VIOLATION [code 0x00009d7b]
The error typically occurs when the user account in the domainjoin command does not have the permissions required to add and modify computer objects.
To correct this issue, verify the user has the correct permissions to add and modify computer objects, or use an account such as Administrator.
Even if an object for the computer pre-exists in AD, the administrator account used to join to the domain must have access to modify objects as certain attributes must be modified on join.