06-24-2013 09:50 PM - edited 03-10-2019 08:34 PM
G'day All,
I am attempting to add my primary admin node to AD, but I am receiving the following error message in the ISE GUI.
using Writable Domain Controller: addc01.abc.com
Update Computer DnsName Failed.
User Does Not Have Update Privileges On The DNSHostName Attribute.
Error: Either User ise_ad@abc.com Does Not Have Sufficient Permissions To Join
Domain Abc.com, Zone Null
Or This Computer Already Has An Account In The Domain.
In Order To Rejoin, You Must Have Domain Administrator Privileges.
Join To Domain Abc.com , Zone Null Failed
The detailed test passes fine. I don't see any NTP errors and DNS is completely resolvable at both ends.
Any assistance is greatly appreciated guys.
James
03-18-2014 01:51 PM
I had a similar problem.
I received the following error:
Using domain controller: paprowdc.domain.corp writable=true
Update Computer dnsName failed.
User does not have update privileges on the dNSHostName attribute.
Error: Either user user_ad@domain.corp does not have sufficient permissions to join
domain domain.corp, zone null
or this computer already has an account in the domain.
In order to rejoin, you must have Domain Administrator privileges.
Join to domain `domain.corp`, zone `null` failed.
The problem was solved by adding the privilege to add machine objects on the AD to the user user_ad.
Regards,
06-24-2013 11:19 PM
Hi,
I think I had a similar problem in the past, so check:
- whether you have a PTR record (so a reverse lookup zone must be configured as well).
- your CLI DNS points to the right server with these records
- your CLI domain name is the same as AD
Regards
Przemek
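The DNS checks listed in the reply above can be scripted before retrying the join. This is an added example, not part of the original post or of any Cisco tooling: the function name `check_join_dns` and the host `ise01.abc.com` are assumptions, and it uses the resolver of the machine it runs on, so run it from a host that queries the same DNS server as the ISE CLI.

```python
import socket


def check_join_dns(ise_fqdn, ad_domain, forward=None, reverse=None):
    """Return a list of DNS problems; an empty list means all checks passed.

    forward/reverse are injectable lookups (hypothetical hooks for offline
    testing); by default the local system resolver is used.
    """
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    fqdn = ise_fqdn.rstrip(".").lower()
    domain = ad_domain.rstrip(".").lower()
    problems = []

    # The node's domain name must be the same as the AD domain.
    if not fqdn.endswith("." + domain):
        problems.append(f"{fqdn} is not inside AD domain {domain}")

    # Forward lookup: the node needs an A record on the DNS server in use.
    try:
        addresses = forward(fqdn)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return problems + [f"no A record for {fqdn}: {exc}"]

    # Reverse lookup: each address needs a PTR record that maps back to the
    # same name, which requires a reverse lookup zone on the DNS server.
    for ip in addresses:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:  # socket.herror is a subclass of OSError
            problems.append(f"no PTR record for {ip}: {exc}")
            continue
        if ptr != fqdn:
            problems.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
    return problems


if __name__ == "__main__":
    # Constructed host name; replace with the real ISE node and AD domain.
    for line in check_join_dns("ise01.abc.com", "abc.com") or ["DNS checks passed"]:
        print(line)
```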
06-25-2013 01:25 AM
This happens due to an incorrect DNS entry on the DNS server. Also make sure that the user you are using to join the domain has administrator rights on AD. Cross-check that you are able to resolve the name of your domain and vice versa.
For more detail, you can check the link below:
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1049448
06-25-2013 08:14 PM
Thanks for the replies. I'll work through the information and post back the outcome.
Sent from Cisco Technical Support iPhone App
03-18-2014 08:34 PM
James, I agree with the above reply by khernandezruiz
AD account required for domain access in ACS should have either of the following:
- Add workstations to domain user right in corresponding domain.
- Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS to the domain).
Regards,
Jatin Katyal
*Do rate helpful posts*