KB-1516: adjoin -k fails to join a domain whose domain and forest functional levels are Windows Server 2008

Auditing and Monitoring Service, Authentication Service, Mac & PC Management Service

12 April,16 at 11:45 AM

Applies to: All versions of Centrify DirectControl for UNIX/Linux




adjoin with option "-k" fails to join a domain whose domain and forest functional levels are Windows Server 2008. Running it yields the following error message:


bash-3.00# adjoin -p pass,123 -k server.test
Using writable domain controller: win-nqe8dmvosvd.server.test
Error: Invalid user or password

Join to domain 'server.test', zone 'default' failed.




[root@rhel3 root]# adjoin --help | grep des
  -k, --des                use DES key only


The -k option tells adjoin to use only DES keys during the join operation. Windows 2008 domains no longer support DES encryption by default, so the join fails.




One can manually enable DES on the domain by setting the following group policy:


Under Computer Configuration/Windows Settings/Local Policies/Security Options/Network Security:

i. Configure available encryption types for Kerberos
ii. Enable All but "Future Encryption Types"
iii. Reboot Domain Controller.
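
One way to confirm that the setting from step ii took effect on the domain controller (an added example, not part of the original Centrify article): the script decodes the Kerberos SupportedEncryptionTypes policy value from `reg query` output and reports whether DES, which adjoin -k requires, is enabled. The registry value name, the bit layout and the two sample outputs are assumptions constructed for illustration.

```python
import re

# Bit layout of the Kerberos SupportedEncryptionTypes policy DWORD
# (assumption: Microsoft's documented layout for this policy setting).
ENCTYPE_BITS = {
    0x01: "DES_CBC_CRC",
    0x02: "DES_CBC_MD5",
    0x04: "RC4_HMAC_MD5",
    0x08: "AES128_HMAC_SHA1",
    0x10: "AES256_HMAC_SHA1",
}
FUTURE_TYPES = 0x7FFFFFE0   # the "Future Encryption Types" checkbox
DES_MASK = 0x03             # either DES type is enough for a DES-only client
ALL_BUT_FUTURE = 0x1F       # what step ii of the article selects

# Constructed sample `reg query` output, not captured from a real host.
SAMPLE_AFTER_POLICY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters
    SupportedEncryptionTypes    REG_DWORD    0x1f
"""
SAMPLE_AES_ONLY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters
    SupportedEncryptionTypes    REG_DWORD    0x7ffffff8
"""

def parse_reg_value(reg_output):
    """Return the policy DWORD as an int, or None if the value is not set."""
    m = re.search(r"SupportedEncryptionTypes\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_output)
    return int(m.group(1), 16) if m else None

def assess(mask):
    """Return (enabled type names, DES usable for adjoin -k, matches step ii)."""
    if mask is None:
        # Policy not configured: per the article, DES is off by default.
        return [], False, False
    names = [name for bit, name in sorted(ENCTYPE_BITS.items()) if mask & bit]
    if (mask & FUTURE_TYPES) == FUTURE_TYPES:
        names.append("FUTURE")
    return names, bool(mask & DES_MASK), mask == ALL_BUT_FUTURE

if __name__ == "__main__":
    for label, text in (("after policy", SAMPLE_AFTER_POLICY), ("AES only", SAMPLE_AES_ONLY)):
        names, des_ok, as_article = assess(parse_reg_value(text))
        print(f"{label}: {names} des_for_adjoin_k={des_ok} matches_step_ii={as_article}")
```
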

Please refer to this Microsoft post for more information:

(Link provided as a courtesy)
