|
| 1 | +--- |
| 2 | +title: Status Code 0x216d and Your Computer Can't Be Joined to the Domain |
| 3 | +description: Helps resolve an issue in which you can't join a domain with status code 0x216d. |
| 4 | +ms.date: 04/23/2025 |
| 5 | +manager: dcscontentpm |
| 6 | +audience: itpro |
| 7 | +ms.topic: troubleshooting |
| 8 | +ms.reviewer: kaushika, raviks, herbertm, dennhu, eriw, v-lianna |
| 9 | +ms.custom: |
| 10 | +- sap:active directory\on-premises active directory domain join |
| 11 | +- pcy:WinComm Directory Services |
| 12 | +--- |
| 13 | +# Status code 0x216d: Your computer could not be joined to the domain |
| 14 | + |
| 15 | +This article helps resolve an issue in which you can't join a workgroup computer to a domain with status code 0x216d. |
| 16 | + |
| 17 | +When you join a workgroup computer to a domain, you receive the following error message: |
| 18 | + |
| 19 | +> The following error occurred when attempting to join the domain "\<DomainName\>": |
| 20 | +> |
| 21 | +> Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased. |
| 22 | +
|
| 23 | +When you check the **NetSetup.log** file, you see the following entries: |
| 24 | + |
| 25 | +```output |
| 26 | +NetpMapGetLdapExtendedError: Parsed [0x216d] from server extended error string: 0000216D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 |
| 27 | +NetpModifyComputerObjectInDs: ldap_add_s failed: 0x35 0x216d |
| 28 | +NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x216d |
| 29 | +NetpProvisionComputerAccount: LDAP creation failed: 0x216d |
| 30 | +NetpProvisionComputerAccount: Retrying downlevel per options |
| 31 | +NetpManageMachineAccountWithSid: NetUserAdd on '<dc_fqdn>' for 'CLIENT1$' failed: 0x216d |
| 32 | +NetpProvisionComputerAccount: retry status of creating account: 0x216d |
| 33 | +ldap_unbind status: 0x0 |
| 34 | +NetpJoinCreatePackagePart: status:0x216d. |
| 35 | +NetpJoinDomainOnDs: Function exits with status of: 0x216d |
| 36 | +NetpJoinDomainOnDs: status of disconnecting from '\\<dc_fqdn>': 0x0 |
| 37 | +NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on '<domain_name>' returned 0x0 |
| 38 | +NetpJoinDomainOnDs: NetpResetIDNEncoding on '<domain_name>': 0x0 |
| 39 | +NetpDoDomainJoin: status: 0x216d |
| 40 | +``` |
| 41 | + |
| 42 | +Status code 0x216d is logged in one of the following conditions: |
| 43 | + |
| 44 | +- The user account trying to join the computer to the domain has exceeded the limit of 10 computers that can be joined to the domain. |
| 45 | +- There's a Group Policy Object (GPO) restriction to block authenticated users from joining a computer to the domain. |
| 46 | + |
| 47 | +To resolve the issue, verify the following items: |
| 48 | + |
| 49 | +- The [default limit on the number of workstations a user can join to the domain](default-workstation-numbers-join-domain.md). |
| 50 | +- The user account is a member of the group mentioned in the **Add workstations to domain** policy of the **Default Domain Controllers Policy** GPO or the **Winning GPO**. |
| 51 | + |
| 52 | + The GPO setting is located at **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **User Rights Assignment** > **Add workstations to domain**. |
0 commit comments