Domain Joining Issue in AWS

This domain-joining error in AWS is most commonly seen when your Active Directory is running in AWS Directory Service. The steps to resolve it are given below.

Computer ‘XYZ’ failed to join domain ‘abc.com’ from its current workgroup ‘WORKGROUP’ with following error message: Your computer could not be joined to the domain. You have exceeded the maximum number of computers accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

When you try to add an AWS EC2 instance to your AWS Directory Service domain, you will sometimes get the error message “Your computer could not be joined to the domain. You have exceeded the maximum number of computers accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.”

To avoid this, we delegate the permission to create computer objects to the user or group that we use to join computers to the domain. The steps are given below.

Open “Active Directory Users and Computers” on the machine where you manage AD > click the OU that carries your domain’s NetBIOS name (in AWS Directory Service it sits below the main domain node) > Right Click > “New” > “Group”


Give the group a name as per your requirement, make sure you select Group scope > “Global” and Group type > “Security”, then click “OK”


Once the group is created, add the members who are going to join computers to the domain.

Now we give the group permission to add any number of computers to that domain.

Right click the “Computers” OU under your NetBIOS-name OU > select “Delegate Control”


This opens the Delegation of Control Wizard > click “Next”


Click the “Add” button to add the users or groups that need to join multiple computers to the domain

Search for the users or groups you want to add, select them and click “OK”

Once the user or group is selected, click “Next”

On the “Tasks to Delegate” page, select “Create a custom task to delegate” and click “Next”

Next, on the “Active Directory Object Type” page, select “Only the following objects in the folder:”, tick “Computer objects”, enable the check boxes “Create selected objects in this folder” and “Delete selected objects in this folder”, and click “Next”

On the “Permissions” page, tick “General” and “Property-specific”. In the “Permissions:” list below, select “Read” and “Write” (so that computers can be added or removed). Click “Next”

On “Completing the Delegation of Control Wizard”, verify the information and click “Finish”.

Create a user with a strong password and add that user to the joining group. This user must be in the Users container under your NetBIOS-name OU. The user will then have enough privileges to join instances to the directory.
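The same delegation as an added PowerShell example (not code from the original post), using the ActiveDirectory module to create the group, grant it create/delete rights on computer objects in the Computers OU only, create the join account and verify the resulting ACEs. The domain name corp.example.com, NetBIOS OU “corp”, group name “DomainJoiners” and account name “svc-join” are placeholders; the join error above is the default per-user machine account quota, which an explicit create right on the OU does not count against.

```powershell
# Added example, not part of the original post. Placeholders: adjust to your directory.
Import-Module ActiveDirectory

$Domain      = "DC=corp,DC=example,DC=com"
$NetBiosOu   = "OU=corp,$Domain"          # AWS Directory Service keeps your objects under the NetBIOS-name OU
$ComputersOu = "OU=Computers,$NetBiosOu"
$UsersOu     = "OU=Users,$NetBiosOu"
$GroupName   = "DomainJoiners"            # placeholder group name
$JoinUser    = "svc-join"                 # placeholder join account

# schemaIDGUID of the "computer" object class (the same fixed value in every AD schema)
$ComputerClassGuid = [Guid]"bf967a86-0de6-11d0-a285-00aa003049e2"

# 1. Global security group that will hold the join accounts (wizard steps: New > Group)
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'" -SearchBase $UsersOu)) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $UsersOu
}
$sid = (Get-ADGroup -Identity $GroupName).SID

# 2. Delegate on the Computers OU only, never on the domain root (least privilege)
$acl   = Get-Acl -Path "AD:\$ComputersOu"
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$rules = @(
    # "Create/Delete selected objects (Computer objects) in this folder"
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, "CreateChild, DeleteChild", $allow, $ComputerClassGuid,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None),
    # General "Read" and "Write" on the computer objects created underneath
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, "GenericRead, GenericWrite", $allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $ComputerClassGuid)
)
$rules | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path "AD:\$ComputersOu" -AclObject $acl

# 3. Join account with a strong password (prompted, never hard-coded), added to the group
$pw = Read-Host -AsSecureString -Prompt "Password for $JoinUser"
New-ADUser -Name $JoinUser -SamAccountName $JoinUser -Path $UsersOu `
           -AccountPassword $pw -Enabled $true
Add-ADGroupMember -Identity $GroupName -Members $JoinUser

# 4. Verify: show the ACEs on the Computers OU that now name the group
(Get-Acl -Path "AD:\$ComputersOu").Access |
    Where-Object { $_.IdentityReference -like "*\$GroupName" } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType
```

Run it as a member of the AWS Delegated Administrators group from a domain-joined management instance; the final table should show two entries for the group, one CreateChild/DeleteChild with the computer class GUID as ObjectType and one GenericRead/GenericWrite inherited to descendant computer objects.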

The equivalent steps in the AWS documentation are somewhat more involved.


We hope this post has resolved your domain-joining issue in AWS.
