Linux Active Directory – Fix Insufficient Access When Setting Machine OS Attributes


I am trying to join a Linux server to Active Directory. I want to set OS Name and OS Version attributes upon joining the domain using this command:

/usr/bin/net ads join -k -S adserver.example.local osName=CentOS osVer=6.5

I've delegated permissions to a bind account so that it can read/write to OS Name and OS Version properties for computer objects. When I try to join the domain, I am hit with this error:

Failed to join domain: failed to set machine os attributes: Insufficient access

I have no issues joining the domain when leaving off osName and osVer. Just to verify that this account has the right permissions, I manually set these two properties on the computer objects using ADSI.

Best Answer

It's usually easier to pre-stage the computer account, and assign permissions/owner to the account that will be joining it to the domain.
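
The pre-staging approach described in the answer, sketched as an added example (not part of the original answer): it creates the computer object first, then grants the joining account rights on that one object only. The host name, OU, and account name are placeholder assumptions, and the list of rights (those commonly delegated for joining a pre-created account, plus the two OS attributes from the question) is also an assumption to adjust for your environment.

```powershell
# Added example. Every name below is a placeholder assumption, not a value from the page.
Import-Module ActiveDirectory

$ComputerName = 'LINUXSRV01'                            # hypothetical host name
$TargetOU     = 'OU=Linux Servers,DC=example,DC=local'  # hypothetical OU
$JoinAccount  = 'EXAMPLE\svc-linuxjoin'                 # hypothetical bind account
$ComputerDN   = "CN=$ComputerName,$TargetOU"

# 1. Pre-stage the computer object (run as an admin allowed to create objects in the OU).
if (-not (Get-ADComputer -Filter "Name -eq '$ComputerName'" -SearchBase $TargetOU)) {
    New-ADComputer -Name $ComputerName -Path $TargetOU -Enabled $true
}

# 2. Grant the bind account rights on this single object instead of the whole OU.
#    CA = control access right, WS = validated write, WP = write property.
$grants = @(
    'CA;Reset Password',
    'WP;Account Restrictions',
    'WS;Validated write to DNS host name',
    'WS;Validated write to service principal name',
    'WP;operatingSystem',          # attribute behind osName
    'WP;operatingSystemVersion'    # attribute behind osVer
)
foreach ($g in $grants) {
    dsacls $ComputerDN /G "${JoinAccount}:$g" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$g' on $ComputerDN" }
}

# 3. Review what the bind account can now do on the object before attempting the join.
(Get-Acl -Path "AD:\$ComputerDN").Access |
    Where-Object { $_.IdentityReference.Value -eq $JoinAccount } |
    Select-Object ActiveDirectoryRights, ObjectType, AccessControlType
```

With the object in place, the `net ads join` command from the question runs against the existing account rather than creating a new one.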