Add-Computer - Access denied

I’m trying to remotely add a computer to a domain, I’m following the proper syntax and all and it seems to work however I get an ACCESS DENIED error and of course the PC is not added to the domain, what makes me scratch my head is, why? the credentials for the local machine are correct and the same for the domain account, also, I’m running the PS session as a domain admin, so, why the access denied message?

This is what I have:

Add-Computer -ComputerName OriginalName -DomainName MyDomain -NewName PC1234 -LocalCredential OriginalName\AdminAccount -Credential MyDomain\DomainAdminAccount

What am I missing or doing wrong?


You say the local and domain user/password are the same?

No, I’m using the name and credentials of the LOCAL computer admin account and the credentials of the domain admin account, both are different.

Can you run remote commands on the remote computer at all?
You have OriginalName\AdminAccount in your command. Do you get prompted for the password?
Did you try to prepopulate the credentials in a variable and use those in the command?
Can you run the command locally on the computer?

Regardless of that - you know that you don’t need to use a domain admin to join a computer to the domain, don’t you? And actually you should not. :wink: By default every domain user can join a computer to a domain. And the domain admin is only made to manage the domain - not clients. :point_up_2:t4:


Yes, I get prompted for both passwords, I do not save them in a variable I type them in. These systems do not have PS remoting enabled but I can use PS without a problem, running Add-Computer on the local machine works fine, the problem I have is when I want to do it remotely.

Well, still trying and no luck, still getting access denied.

My first instinct is this is a double hop issue. The pssession is one hop but trying to add the remote computer to the domain would require the credentials to be passed to the domain controller which would be a second hop and world require credential delegation with CredSSP.

I typically get around this by using PowerShell Direct if my hypervisor is Hyper-V or PowerCLI’s invoke-vmscript if vmwaretools are installed on my guest VM on a ESXi host. This doesn’t encounter the double hop issue as the command is executed directly from the VM guest via the hypervisor bus/tools.

It is not a 2nd hop, since the syntax for that cmdlet is like that, the problem here is permissions, I have no clue why I get an access denied error when I’m using the proper credentials and privileges.

I’d think it will be nearly impossible to troubleshoot this particular issue in a forum.

Did you try to prepopulate the needed credentials and save them in variables you provide to the command later on?

I don’t know how this would help, having the credentials in variables that is.
Anyway, this seem to be a credentials issue but only when is done remotely, I’ll keep playing with it and hopefully find an answer, what bothers me though, is that I’m following the syntax and process to the letter and fails.

Would it hurt you when you try it anyway? :thinking: I assume you tried already everything else, didn’t you? :wink: :man_shrugging:t4:

Yes, same deal no matter what.