LW_ERROR_LDAP_INSUFFICIENT_ACCESS [code 0x00009d8b]
When using AD Bridge and running /opt/pbis/bin/domainjoin-cli join <arguments> to join a Linux or Unix system to the domain, the following error is returned:
    /opt/pbis/bin/domainjoin-cli join --ou "MyOU/OU" mydomain.com myadminuser
    Joining to AD Domain: mydomain.com
    With Computer DNS Name: mycomputer.mydomain.com
    myadminuser@mydomain.COM's password:
    Error: LW_ERROR_LDAP_INSUFFICIENT_ACCESS [code 0x00009d8b]
    LW_ERROR_LDAP_INSUFFICIENT_ACCESS [code 0x00009d8b]
This error is typically encountered while attempting to re-join an existing computer to the domain. The computer object for this computer still exists in Active Directory (AD), and the admin account you are using to run the domain join command does not have modify permissions for objects in the OU you are trying to join.
This can be solved either by removing the existing computer object from AD using Active Directory Users and Computers, or by giving the account modify permissions in the target OU.
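One way to confirm the cause and pick between the two fixes, run on a Windows host with the RSAT ActiveDirectory module. This is an added example, not part of the original article or the vendor's tooling; the computer and account names are the placeholders from the sample session above.

```powershell
# Added example. $ComputerName and $JoinAccount are placeholders taken from
# the sample session; replace them with your own values.
Import-Module ActiveDirectory

$ComputerName = 'mycomputer'     # host name from the failed join
$JoinAccount  = 'myadminuser'    # account passed to domainjoin-cli

# 1. Is there a leftover computer object, and where does it live?
$computer = Get-ADComputer -Filter "Name -eq '$ComputerName'" `
                           -Properties whenCreated, whenChanged
if (-not $computer) {
    Write-Output "No computer object named '$ComputerName'; look for another cause."
    return
}
$computer | Format-List DistinguishedName, whenCreated, whenChanged

# 2. Collect the SIDs the join account acts as: its own SID plus every group
#    it belongs to, nested groups included (matching-rule-in-chain filter).
#    The primary group is not returned by this filter. A DN containing
#    '(' , ')' or '\' would need LDAP filter escaping first.
$user   = Get-ADUser -Identity $JoinAccount
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
$sids   = @($user.SID.Value) + @($groups | ForEach-Object { $_.SID.Value })

# 3. List the ACEs on the existing object that apply to any of those SIDs.
#    No Allow rows with write rights here matches the
#    LW_ERROR_LDAP_INSUFFICIENT_ACCESS cause described above.
$acl   = Get-Acl -Path ("AD:\" + $computer.DistinguishedName)
$rules = $acl.GetAccessRules($true, $true,
             [System.Security.Principal.SecurityIdentifier])
$rules | Where-Object { $sids -contains $_.IdentityReference.Value } |
    Format-Table IdentityReference, ActiveDirectoryRights,
                 AccessControlType, IsInherited -AutoSize

# 4. Fix A from the article: remove the stale object. -WhatIf only prints
#    what would be deleted; drop it once the DN above is the one you expect.
Remove-ADComputer -Identity $computer -WhatIf
```

For the second fix, scoping the delegation to computer objects in the target OU grants less than modify rights on every object type in that OU.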