
KB-0238: adjoin --force returns: Unexpected LDAP Error

Centrify DirectControl

12 April,16 at 11:11 AM

Applies To: Centrify DirectControl 3.0.0

Problem: When using adjoin with the --force option in order to have a computer join Active Directory where the computer object and the Zone object already exist, you will get an error message stating “Unexpected LDAP Error Already exists” because adjoin cannot delete and re-create the Zone object.

Cause: There is a known problem in the --force option of adjoin that does not properly delete the previous Zone object for the computer.

Resolution: This will be fixed in DirectControl 3.0.1.

Workaround: Manually delete the Zone object for the computer via Active Directory Users and Computers.

For example, if the computer object to delete is "machine01" which was originally in the "default" Zone, and DirectControl's data is installed in the default location, Program Data, then from Active Directory Users and Computers:

1. From the "View" menu, ensure that "Advanced Features" is checked.

2. Expand Program Data, Centrify, Zones, default, Computers.

3. Right-click the serviceConnectionPoint "machine01" and select "Delete".

4. Retry the adjoin command with the --force option, along with your normal additional options (type “adjoin” at the command shell for a list of all options).
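
A scripted equivalent of steps 1 to 3, for running before the adjoin retry in step 4. This is an added example, not Centrify code or part of the original article. It assumes the Microsoft ActiveDirectory PowerShell module (RSAT) is available and that the account has delete rights on the zone container. It locates the object by class, name and parent path, and refuses to delete unless exactly one match is found.

```powershell
# Added example, not from the original article or from Centrify.
# Assumption: the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$ComputerName = 'machine01'   # computer from the article's example
$ZoneName     = 'default'     # zone from the article's example

# Search the whole domain for serviceConnectionPoint objects with this name,
# then keep only those whose parent path is <zone>\Computers under a Zones
# container. Matching CN= or OU= avoids assuming how the containers were created.
$domainDn = (Get-ADDomain).DistinguishedName
$parent   = ',(CN|OU)=Computers,(CN|OU)={0},(CN|OU)=Zones,' -f [regex]::Escape($ZoneName)

$scp = @(Get-ADObject -SearchBase $domainDn -SearchScope Subtree `
            -LDAPFilter "(&(objectClass=serviceConnectionPoint)(name=$ComputerName))" |
         Where-Object { $_.DistinguishedName -match $parent })

# Refuse to guess: zero matches means nothing to clean up, and more than one
# means the same name exists in several places and needs a manual look.
if ($scp.Count -ne 1) {
    throw "Expected exactly one Zone object for $ComputerName in zone $ZoneName, found $($scp.Count). Nothing deleted."
}

# Show the exact object, then delete it with an interactive confirmation prompt.
Write-Host "Zone object to delete: $($scp[0].DistinguishedName)"
Remove-ADObject -Identity $scp[0] -Confirm
```

Replace `-Confirm` with `-WhatIf` for a dry run that reports the target without deleting it.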
