Possible Domain Join Failure when specifying OU and Domain Level is Windows 2000

I saw this today on Technet and wanted to share it, blog it, long story short a guy was having problems joining his Windows 7 computer to the domain, he was specifying an OU and we later found out, his domain level was Windows 2000 native.

After requesting to see his netsetup.log file (which logs domain join failures into c:\windows\debug\)  the following was observed

07/21/2010 08:30:58:226 NetpMapGetLdapExtendedError: Parsed [0x2077]
from server extended error string: 00002077: SvcErr: DSID-031D0AAB,
problem 5003 (WILL_NOT_PERFORM), data 0

07/21/2010 08:30:58:226 NetpModifyComputerObjectInDs: ldap_add_s
failed: 0x35 0x3eb

07/21/2010 08:30:58:226 NetpCreateComputerObjectInDs:
NetpModifyComputerObjectInDs failed: 0x3eb

07/21/2010 08:30:58:226 NetpProvisionComputerAccount: LDAP creation
failed: 0x3eb

07/21/2010 08:30:58:226 NetpProvisionComputerAccount: Cannot retry
downlevel, specifying OU is not supported

Forum member StevyB69 then revealed the following info

If you’re at Windows 2000 level then apparently the issue is that you
cannot join Windows 7 or Windows Server 2008 R2 computer to Windows
2000 domain if an OU is specified. This issue will be fixed in Windows 7 SP1.

Interesting !

so the workaround is to

* leave the OU field blank

there is also another netdom script workaround, see the forum post here for details


This is Microsoft’s Knowledge Base article on the problem, and there
actually is a hotfix so you don’t have to wait for SP1

I hope it helps someone



This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.