Merge pull request #8500 from v-lianna/CI_4466

Deland-Han · web-flow · commit 093151c1333f · 2025-03-26T15:58:35.000+08:00
AB#4466 error-0x569-not-granted-logon-type
diff --git a/support/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance.md b/support/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance.md
@@ -53,23 +53,7 @@ The following table lists the ports required to be open between the client compu
 
 ### Error code 0x569
 
-> The user has not been granted the requested logon type at this computer.
-
-Here's an example from the *netsetup.log* file:
-
-```output
-mm/dd/yyyy hh:mm:ss:ms NetpDsGetDcName: failed to find a DC having account <computer name>$': 0x525
-mm/dd/yyyy hh:mm:ss:ms NetpDsGetDcName: found DC '\\<DC name>.<domain>.<tld>' in the specified domain
-mm/dd/yyyy hh:mm:ss:ms NetUseAdd to \\<DC name>.<domain>.<tld>\IPC$ returned 1385
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: status of connecting to dc '\\<DC Name>.<Domain>.<tld>': 0x569
-mm/dd/yyyy hh:mm:ss:ms NetpDoDomainJoin: status: 0x569
-```
-
-Error 0x569 is logged when the domain join user lacks the **Access this computer from the network** user right. Make sure of the following items:
-
-- Verify that the user account performing the domain join operation (or the security group that owns the member of the domain join user) has been granted the **Access this computer from the network** right in the default domain controllers policy.
-- The default domain controllers policy is linked to the OU that hosts the DC computer account that's servicing the domain join operation.
-- The DC servicing the domain join operation applies the policy successfully, specifically the user rights settings defined in the default domain controllers policy.
+For more information, see [Error code 0x569: The user has not been granted the requested logon type at this computer](error-0x569-not-granted-logon-type.md).
 
 ### Error code 0x534
 
diff --git a/support/windows-server/active-directory/error-0x569-not-granted-logon-type.md b/support/windows-server/active-directory/error-0x569-not-granted-logon-type.md
@@ -0,0 +1,48 @@
+---
+title: User Has Not Been Granted the Requested Logon Type at This Computer
+description: Helps resolve the error code 0x569 that occurs during a domain join operation.
+ms.date: 03/26/2025
+manager: dcscontentpm
+audience: itpro
+ms.topic: troubleshooting
+ms.reviewer: kaushika, raviks, herbertm, dennhu, eriw, v-lianna
+ms.custom:
+- sap:active directory\on-premises active directory domain join
+- pcy:WinComm Directory Services
+---
+# Error code 0x569: The user has not been granted the requested logon type at this computer
+
+This article helps resolve the error code 0x569 that occurs during a domain join operation. It provides a detailed analysis of the **NetSetup.log** and a step-by-step resolution to ensure the user account has the necessary rights.
+
+You receive the following error message during a domain join operation:
+
+> Logon failure: the user has not been granted the requested logon type at this computer.
+
+When you check the **NetSetup.log** file, you see the following entries:
+
+```output
+NetpDsGetDcName: failed to find a DC having account '<computer name>$': 0x525
+NetpDsGetDcName: found DC '\\<dc name>' in the specified domain
+NetUseAdd to \\<dc name>\IPC$ returned 1385
+NetpJoinDomain: status of connecting to dc '\\<dc name>': 0x569
+NetpDoDomainJoin: status: 0x569
+```
+
+Here's more information about the error code:
+
+|Hexadecimal error  |Decimal error  |Symbolic error string  |
+|---------|---------|---------|
+|0x569     |1385         |ERROR_LOGON_TYPE_NOT_GRANTED         |
+
+This error occurs because the domain join user account lacks the **Access this computer from the network** user right at the domain controller (DC) servicing the domain join operation.
+
+To resolve this error, follow these steps:
+
+1. There's no need to restrict **Everyone** from accessing DCs over the network. You can add a group named "domain joiners" to the policy.
+    > [!NOTE]
+    > Don't add the user directly.
+2. Verify that **Everyone** or the "domain joiners" group has been granted the **Access this computer from the network** right in the group policy applying to all DCs. By default, this policy is the **Default Domain Controllers Policy**.
+3. Ensure that the relevant policy is linked to the organizational unit (OU) that hosts the DCs.
+    > [!NOTE]
+    > Place all DC computer accounts in the **Domain Controllers** OU.
+4. Confirm that the DCs servicing the domain join operation have applied the relevant policy successfully.
diff --git a/support/windows-server/toc.yml b/support/windows-server/toc.yml
@@ -353,6 +353,8 @@ items:
       href: ./active-directory/cannot-connect-internet-domain.md
     - name: Default limit to workstation numbers
       href: ./active-directory/default-workstation-numbers-join-domain.md
+    - name: Error code 0x569
+      href: ./active-directory/error-0x569-not-granted-logon-type.md
     - name: Netlogon service doesn't keep settings after in-place upgrade
       href: ./active-directory/netlogon-service-not-start-automatically.md
     - name: Support boundaries for Active Directory over NAT
