I saw this today on Technet and wanted to share it, blog it, long story short a guy was having problems joining his Windows 7 computer to the domain, he was specifying an OU and we later found out, his domain level was Windows 2000 native.


After requesting to see his netsetup.log file (which logs domain join failures into c:\windows\debug\)  the following was observed


07/21/2010 08:30:58:226 NetpMapGetLdapExtendedError: Parsed [0x2077] from server extended error string: 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0

07/21/2010 08:30:58:226 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x35 0x3eb

07/21/2010 08:30:58:226 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x3eb

07/21/2010 08:30:58:226 NetpProvisionComputerAccount: LDAP creation failed: 0x3eb

07/21/2010 08:30:58:226 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported


Forum member StevyB69 then revealed the following info

If you're at Windows 2000 level then apparently the issue is that you cannot join Windows 7 or Windows Server 2008 R2 computer to Windows 2000 domain if an OU is specified. This issue will be fixed in Windows 7 SP1.

Interesting !

so the workaround is to

* leave the OU field blank

there is also another netdom script workaround, see the forum post here for details


Update:

This is Microsoft's Knowledge Base article on the problem, and there actually is a hotfix so you don't have to wait for SP1
http://support.microsoft.com/kb/979645


I hope it helps someone

cheers

niall

No Comments 22:30 - Jul 21, 2010

Trackbacks

No Trackbacks

Comments

No Comments