Add-Computer - Access denied

Hi,
I’m trying to remotely add a computer to a domain. I’m following the proper syntax and all, and it seems to work; however, I get an ACCESS DENIED error and of course the PC is not added to the domain. What makes me scratch my head is, why? The credentials for the local machine are correct and the same for the domain account; also, I’m running the PS session as a domain admin. So, why the access denied message?

This is what I have:

Add-Computer -ComputerName OriginalName -DomainName MyDomain -NewName PC1234 -LocalCredential OriginalName\AdminAccount -Credential MyDomain\DomainAdminAccount

What am I missing or doing wrong?

Thanks

You say the local and domain user/password are the same?

No, I’m using the name and credentials of the LOCAL computer admin account and the credentials of the domain admin account, both are different.

Can you run remote commands on the remote computer at all?
You have OriginalName\AdminAccount in your command. Do you get prompted for the password?
Did you try to prepopulate the credentials in a variable and use those in the command?
Can you run the command locally on the computer?

Regardless of that - you know that you don’t need to use a domain admin to join a computer to the domain, don’t you? And actually you should not. By default every domain user can join a computer to a domain. And the domain admin is only made to manage the domain - not clients.


Yes, I get prompted for both passwords. I do not save them in a variable; I type them in. These systems do not have PS remoting enabled but I can use PS without a problem. Running Add-Computer on the local machine works fine; the problem I have is when I want to do it remotely.

Well, still trying and no luck, still getting access denied.

My first instinct is this is a double hop issue. The PSSession is one hop, but trying to add the remote computer to the domain would require the credentials to be passed to the domain controller, which would be a second hop and would require credential delegation with CredSSP.

I typically get around this by using PowerShell Direct if my hypervisor is Hyper-V, or PowerCLI’s Invoke-VMScript if VMware Tools are installed on my guest VM on an ESXi host. This doesn’t encounter the double hop issue, as the command is executed directly from the VM guest via the hypervisor bus/tools.

It is not a 2nd hop, since the syntax for that cmdlet is like that. The problem here is permissions; I have no clue why I get an access denied error when I’m using the proper credentials and privileges.

I’d think it will be nearly impossible to troubleshoot this particular issue in a forum.

Did you try to prepopulate the needed credentials and save them in variables you provide to the command later on?

I don’t know how this would help, having the credentials in variables that is.
Anyway, this seems to be a credentials issue, but only when it is done remotely. I’ll keep playing with it and hopefully find an answer. What bothers me, though, is that I’m following the syntax and process to the letter and it fails.
Thanks

Would it hurt you to try it anyway? I assume you already tried everything else, didn’t you?

Yes, same deal no matter what.
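
The two suggestions made in the replies above (hold the credentials in variables, and join with a non-admin domain account), as an added example that is not part of the thread. It assumes Windows PowerShell 5.1 and reuses the thread's placeholder names; `MyDomain\JoinAccount` is a hypothetical account that is permitted to join computers.

```powershell
# Added example, not code from the thread.
# OriginalName, MyDomain and PC1234 are the thread's placeholders;
# MyDomain\JoinAccount is a hypothetical non-admin join account.
$target = 'OriginalName'

# Collect each credential once as a PSCredential object. Reusing the same
# objects on every retry rules out a mistyped password between attempts.
$localCred  = Get-Credential -UserName "$target\AdminAccount" `
                             -Message 'Local administrator on the target computer'
$domainCred = Get-Credential -UserName 'MyDomain\JoinAccount' `
                             -Message 'Domain account allowed to join computers'

$joinParams = @{
    ComputerName    = $target
    LocalCredential = $localCred    # authenticates to the remote computer
    DomainName      = 'MyDomain'
    Credential      = $domainCred   # authorizes the join in the domain
    NewName         = 'PC1234'
    PassThru        = $true         # return a result object instead of nothing
    Verbose         = $true
    ErrorAction     = 'Stop'        # turn the failure into a catchable exception
}

try {
    $result = Add-Computer @joinParams
    '{0}: HasSucceeded = {1}' -f $result.ComputerName, $result.HasSucceeded
}
catch {
    # Show the whole error record rather than only the one-line message, so the
    # exception type and any inner exception are visible when comparing runs.
    $err = $_
    [pscustomobject]@{
        Message = $err.Exception.Message
        Type    = $err.Exception.GetType().FullName
        ErrorId = $err.FullyQualifiedErrorId
        Inner   = $err.Exception.InnerException.Message
    } | Format-List
}
```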