Applies to: All versions of Centrify DirectControl
The adjoin command fails when joining a server to AD. The -c (container) flag is not specified in the adjoin command because the server is to be joined to the default container.
Extract from debug log:
Jan 13 16:48:41 aixdev2 auth|security:debug adjoin: DEBUG cli.adjoin Unexpected RPC Error(rc=0xc0000022): Access Denied
Jan 13 16:48:41 aixdev2 auth|security:debug adjoin: DEBUG cli.adjoin due to unexpected configuration or network error.
The "RPC Error (rc=0xc0000022): Access Denied" means the user in question does not have sufficient rights to join the computer to the domain’s default Computers container.
Use the -c flag in the adjoin command to specify a container or OU where the user has rights, or make sure the user has rights to join servers in the default Computers container. From the adjoin man page:
-c, --container containerDN
The containerDN specifies the distinguished name (DN) of the container or Organizational Unit in which to place this computer account. You can specify the containerDN by:
- Canonical name (ajax.org/unix/services). Cannot specify a partial name for the canonical name.
- Fully distinguished name (cn=services,cn=unix,dc=ajax,dc=org)
- Relative distinguished name without the domain suffix (cn=services,cn=unix)
If a container is not specified, the computer account is created in the domain’s default Computers container.
Note that the container specified must already exist in Active Directory or the join operation will fail. The user must also have appropriate permissions to add entries to the specified container.
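The three containerDN forms listed above can be checked in a provisioning script before adjoin is called. The shell functions below are an added example, not part of the Centrify documentation; the function names are hypothetical and the matching rules are an assumption based only on the man page text quoted here.

```shell
#!/bin/sh
# Added example: pre-check a value intended for `adjoin -c`.
# Function names are hypothetical; rules follow the man page text above.

# Lower-case and strip spaces around ',' and '=' (AD names are case-insensitive).
normalize() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g'
}

# ajax.org -> dc=ajax,dc=org
domain_to_dn() {
    normalize "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# Print canonical | full-dn | relative-dn; print a reason and return 1 otherwise.
container_form() {
    value=$(normalize "$1")
    domain=$(normalize "$2")
    suffix=$(domain_to_dn "$2")
    case $value in
        *=*)
            case $value in
                *",$suffix") echo full-dn ;;
                dc=*|*,dc=*) echo "invalid: DN suffix does not match $domain"; return 1 ;;
                *) echo relative-dn ;;
            esac ;;
        "$domain"/?*) echo canonical ;;
        */*) echo "invalid: canonical name must start with $domain/"; return 1 ;;
        *) echo "invalid: not a canonical name or DN"; return 1 ;;
    esac
}

# Expand a relative DN with the domain suffix. A canonical name is refused:
# it does not say whether each component is a cn= or an ou=.
to_full_dn() {
    case $(container_form "$1" "$2") in
        full-dn) normalize "$1" ;;
        relative-dn) printf '%s,%s\n' "$(normalize "$1")" "$(domain_to_dn "$2")" ;;
        *) return 1 ;;
    esac
}

# Constructed sample values using the man page's ajax.org example domain.
for v in "ajax.org/unix/services" "cn=services, cn=unix,dc= ajax,dc=org" \
         "cn=services,cn=unix" "unix/services"; do
    printf '%-40s %s\n' "$v" "$(container_form "$v" ajax.org)"
done
```

A value that passes this check can still fail at join time: the container must exist in Active Directory and the joining user needs permission to add entries to it.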