Software Question

K2000: Disabled Machine in AD after image

09/17/2015 1953 views
I'm trying to deploy an image to a brand new machine out of the box (E5250), and when it gets to the final post-install script which joins the domain, it joins - but when when I go to login to the domain, it gives me this error:

security database on the server does not have a computer account for this workstation trust relationship

Looking in AD, it has the down arrow next to the machine name. The only way I've been able to fix it is to un-join / re-join the domain. It's a brand new machine, and I'm not giving it a name of any machine that exists on AD already. I heard that this is happening on random machines from some of the techs in our department, so it seems to be random, but still occuring randomly.

Any ideas? Is this a problem with the image creation or perhaps the join domain script? We're using powershell to join. We use a bat file to call the powershell:

BAT File:
powershell.exe -nologo -executionpolicy bypass -noprofile -file wnhs.ps1

$domain= "cusd200.local"
$password= "xxx" | ConvertTo-SecureString -asPlainText -Force
#enter user account that will be used to join domain
$user= "cusd200\tech"
$cred= New-Object System.Management.Automation.PSCredential($user,$password)
#edit for OU path
$oupath = 'ou=North,ou=HighSchools,ou=D200Computers,dc=CUSD200,dc=LOCAL'
#add computer to OU
Add-Computer -domainname $domain -oupath $oupath -Credential $cred -ErrorAction silentlycontinue
#add computer to domain
Add-Computer -DomainName $domain -Credential $cred

3 Comments   [ + ] Show comments


  • I'm not a powershell guy, but it seems that maybe you're using the "Add-Computer" function twice unnecessarily? Although this might not be the cause of your issue...
    • Thanks. Not a powershell user either - just found this script online, but it has seemed to work for the most part.
  • Are you applying a sysprepped image?
    • Yes, it's a sysprepped image, but we aren't having it join the domain during that process, because we want to specify OU's.
  • I would suggest you chage the first Add-Computer line to have -ErrorAction Continue, and then in your batch file, redirect the output to a text file so you can see what, if any, error occured.

Be the first to answer this question

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ