When querying domainjoin status, the following is returned:

/opt/pbis/bin/domainjoin-cli query
Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]
"The password is incorrect for the given account"


If you see this error specifically when querying domain join status, this indicates the machine account password has expired or does not match the password stored in Active Directory.


To correct this, run the following command:

/opt/pbis/bin/domainjoin-cli join <join arguments> 
/opt/pbis/bin/lsa authenticate-user --user username --domain example.com

This will refresh the locally cached machine account password with what is stored in Active Directory.