K2000: Disabled Machine in AD after image

I'm trying to deploy an image to a brand new machine out of the box (E5250), and when it gets to the final post-install script which joins the domain, it joins - but when I go to log in to the domain, it gives me this error:

security database on the server does not have a computer account for this workstation trust relationship

Looking in AD, it has the down arrow next to the machine name. The only way I've been able to fix it is to un-join / re-join the domain. It's a brand new machine, and I'm not giving it a name of any machine that exists on AD already. I heard that this is happening on random machines from some of the techs in our department, so it seems to be random, but still occurring randomly.

Any ideas? Is this a problem with the image creation or perhaps the join domain script? We're using powershell to join. We use a bat file to call the powershell:

BAT File:
powershell.exe -nologo -executionpolicy bypass -noprofile -file wnhs.ps1

wnhs.ps1:
$domain= "cusd200.local"
$password= "xxx" | ConvertTo-SecureString -asPlainText -Force
#enter user account that will be used to join domain
$user= "cusd200\tech"
$cred= New-Object System.Management.Automation.PSCredential($user,$password)
#edit for OU path
$oupath = 'ou=North,ou=HighSchools,ou=D200Computers,dc=CUSD200,dc=LOCAL'
#add computer to OU
Add-Computer -domainname $domain -oupath $oupath -Credential $cred -ErrorAction silentlycontinue
#add computer to domain
Add-Computer -DomainName $domain -Credential $cred

3 Comments
  • I'm not a powershell guy, but it seems that maybe you're using the "Add-Computer" function twice unnecessarily? Although this might not be the cause of your issue... - nheyne 6 years ago
    • Thanks. Not a powershell user either - just found this script online, but it has seemed to work for the most part. - sfigg 6 years ago
  • Are you applying a sysprepped image? - chucksteel 6 years ago
    • Yes, it's a sysprepped image, but we aren't having it join the domain during that process, because we want to specify OU's. - sfigg 6 years ago
  • I would suggest you change the first Add-Computer line to have -ErrorAction Continue, and then in your batch file, redirect the output to a text file so you can see what, if any, error occurred. - BHC-Austin 6 years ago
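
The two suggestions in the comments above (call Add-Computer once, and record errors instead of suppressing them), combined as an added example that is not the poster's script. The log path and the Write-JoinLog helper are assumptions, and it uses -ErrorAction Stop with try/catch rather than Continue so the failure text is captured in the log.

```powershell
# Added example (not the original wnhs.ps1). Values for $domain, $user and
# $oupath are the ones shown in the question; everything else is illustrative.
$domain  = "cusd200.local"
$user    = "cusd200\tech"
$oupath  = 'ou=North,ou=HighSchools,ou=D200Computers,dc=CUSD200,dc=LOCAL'
$logFile = "C:\Windows\Temp\domain-join.log"   # hypothetical log location

# Hypothetical helper: timestamped line per event, so a failed join on one
# machine can be compared against a successful join on another.
function Write-JoinLog([string]$Message) {
    $stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Add-Content -Path $logFile -Value "$stamp $env:COMPUTERNAME $Message"
}

# "xxx" is the placeholder from the question, not a real password.
$password = "xxx" | ConvertTo-SecureString -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential($user, $password)

try {
    Write-JoinLog "Joining $domain with OU path $oupath"

    # Single join that creates the computer account directly in the target OU.
    # -ErrorAction Stop turns any failure into an exception handled below,
    # instead of being hidden by SilentlyContinue.
    $result = Add-Computer -DomainName $domain -OUPath $oupath `
                           -Credential $cred -PassThru -ErrorAction Stop

    Write-JoinLog "Add-Computer returned HasSucceeded=$($result.HasSucceeded)"
    if (-not $result.HasSucceeded) { exit 1 }
}
catch {
    # Record the exact error the join produced on this machine.
    Write-JoinLog "Join FAILED: $($_.Exception.Message)"
    Write-JoinLog "ErrorId: $($_.FullyQualifiedErrorId)"
    exit 1
}

exit 0

# The calling batch file can also capture console output, as suggested above:
#   powershell.exe -nologo -executionpolicy bypass -noprofile -file wnhs.ps1 > C:\Windows\Temp\wnhs-console.log 2>&1
```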

Answers (0)
