Failing to Join Machine to Domain

Greetings Professionals

I have been trying to use the ad-join cookbook to join a machine to a domain. When I try to bootstrap, I get the error below. These are newly built Windows 2012 R2 servers whose machine objects are created, and those machines have never been joined to our domain. I can see the computer name has been changed successfully, but it is not able to join the domain from the workgroup, as it says the account already exists…

Below are the attributes I use from the cookbook:

  # Warning! If you ever change 'update_hostname' to false, be very careful if you ever decide to switch it back to true
  default['ad-join']['windows']['update_hostname'] = true
  default['ad-join']['windows']['double_reboot'] = true
  default['ad-join']['windows']['visual_warning'] = true

ERROR MESSAGE

  domain_join[bpcwindbs80p] (ad-join::example_simple line 4) had an error: Mixlib::ShellOut::ShellCommandFailed: powershell_script[ad-join] (c:/chef/cache/cookbooks/ad-join/resources/domain_join.rb line 80) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
  ---- Begin output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/ADMINI~1/AppData/Local/Temp/chef-script20170905-4424-301ixf.ps1" ----
  STDOUT: Renaming computer from to bpcwindbs80p
  WARNING: The changes will take effect after you restart the computer
  WIN-01IFDSJSN9B.
  HasSucceeded ComputerName

  False WIN-01IFDSJSN9B
  STDERR: Computer 'WIN-01IFDSJSN9B' failed to join domain 'XXXXX' from its current workgroup 'WORKGROUP' with following error message: The account already exists.
  ---- End output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/ADMINI~1/AppData/Local/Temp/chef-script20170905-4424-301ixf.ps1" ----
  Ran "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/ADMINI~1/AppData/Local/Temp/chef-script20170905-4424-301ixf.ps1" returned 1

Please help…!
Thanks
Prash

I’m the author of the ad-join cookbook. A couple of things to verify

  1. Are you using chef 12 or chef 13?

Chef 13 has a regression in the way windows scheduled tasks are handled, so the ad-join cookbook currently only works with chef 12. (Will be fixed eventually)

The cookbook has some examples. See recipes/example_simple.rb and recipes/example_complex.rb

  2. Can you manually run powershell to test?

All the cookbook is really doing behind the scenes is running these commands. Try running them manually after replacing values in angle brackets <>.

  $adminname = "<example.com\bob>"
  $password = '<correct-horse-battery-staple>' | ConvertTo-SecureString -asPlainText -Force
  $credential = New-Object System.Management.Automation.PSCredential($adminname,$password)

  Rename-Computer -NewName '<server1>'

  sleep 5
  Add-computer -DomainName <example.com> -OUPath "<OU=foo>" -Server <foobar> -Credential $credential -force -Options JoinWithNewName,AccountCreate -PassThru

  3. Are you bootstrapping with the -N option? -N will rename the machine in the chef server on bootstrap. Either set default['ad-join']['windows']['update_hostname'] = true to false, or provide the -N option on bootstrap.

Sir, I am using Chef version 12.18.31, and I tried the steps manually, but I still get the same problem.

I get the error while executing the last command. Please correct me if I'm wrong in giving the inputs: it throws an error if I give the values within the angle brackets, so I removed them and gave the values in 'single quotes'.

  Add-computer -DomainName <example.com> -OUPath "<OU=foo>" -Server -Credential $credential -force -Options JoinWithNewName,AccountCreate -PassThru

  Add-computer -DomainName "mydomain" -OUPath "OU=Amazon" -Server 'chef2' -Credential $credential -force -Options JoinWithNewName,AccountCreate -PassThru

  Add-computer : Computer 'chef2' failed to join domain 'mydomain' from its current workgroup 'AWS' with
  following error message: The specified username is invalid.
  At line:1 char:1
  + Add-computer -DomainName 'domain.name' -OUPath "OU=Amazon" -Server 'chef2' -C …
      + CategoryInfo          : OperationStopped: (chef2:String) [Add-Computer], InvalidOperationException
      + FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand

This is a different error than the one before. It says “The specified username is invalid”. Make sure you create the credential object first.

  $adminname = "<example.com\bob>"
  $password = '<correct-horse-battery-staple>' | ConvertTo-SecureString -asPlainText -Force
  $credential = New-Object System.Management.Automation.PSCredential($adminname,$password)

Sir,

I joined the server to the domain manually and tried to unjoin it from the domain using Chef. I gave all the credentials as asked in the recipe "example_simple.rb" and performed "action :leave"; the Chef run was successful, Chef unjoined the machine from the domain, and my server rebooted. The only issue I have is in joining the domain. I don't understand what exactly the root cause is.

Please help

Thanks
Prash

The key seems to be in this error message: The account already exists.

The domain already has a computer account named WIN-01IFDSJSN9B. Did you maybe remove this computer from the domain, and are now trying to re-join it? If so, delete the computer account in the domain.

Kevin Keane
Whom the IT Pros Call
The NetTech
http://www.4nettech.com
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html
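
An added example, not part of the thread or of the ad-join cookbook: a pre-flight check to run on the workgroup machine before Add-Computer, which asks the directory whether a computer account already exists under the current name or the intended new name (the condition the last reply points at). The domain controller and the new name are placeholders in angle brackets, and Find-ComputerAccount is a helper defined here for illustration; the script only reports and deletes nothing.

```powershell
# Added example; values in <> are placeholders, not taken from the thread.
$domainController = '<dc01.example.com>'              # assumption: a DC reachable over LDAP
$namesToCheck     = @($env:COMPUTERNAME, '<server1>') # current name and intended new name

# Prompt for the account instead of writing its password into the script.
$credential = Get-Credential -Message 'Domain account used for the join'
$bindArgs   = "LDAP://$domainController", $credential.UserName,
              $credential.GetNetworkCredential().Password
$root = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $bindArgs

# Hypothetical helper: returns the search result for one computer name, or $null.
function Find-ComputerAccount {
    param($Root, [string]$Name)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $Root
    # Computer accounts are stored with a trailing '$' in sAMAccountName.
    $searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$Name`$))"
    foreach ($attr in 'distinguishedName', 'whenCreated', 'userAccountControl') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    $searcher.FindOne()
}

foreach ($name in $namesToCheck) {
    $hit = Find-ComputerAccount -Root $root -Name $name
    if ($null -eq $hit) {
        Write-Output "${name}: no computer account in the directory"
        continue
    }
    # Result property names are returned in lower case.
    $uac = [int]$hit.Properties['useraccountcontrol'][0]
    [pscustomobject]@{
        Name              = $name
        DistinguishedName = $hit.Properties['distinguishedname'][0]
        WhenCreated       = $hit.Properties['whencreated'][0]
        Disabled          = [bool]($uac -band 0x2)   # ACCOUNTDISABLE flag
    }
}
$root.Dispose()
```

An account listed here under a name that no joined machine is using is the leftover object to review with the directory administrators before retrying the join.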