xComputer cannot join domain

Open ramon-garcia opened this issue 7 years ago • 3 comments

Under Windows 2016 server, domain join fails with a mysterious message of password not strong enough. Difficult to understand, since the password of a machine account is automatically generated.

The PowerShell command Add-Computer (echoed in the module with Write-Verbose and then run by hand) works perfectly if run under the Administrator account, but it appears to fail under the LocalSystem account used by DSC.

I have read similar reports elsewhere https://social.technet.microsoft.com/Forums/windowsserver/en-US/cb6f2595-c37e-41e2-952d-9d9ae7ea8865/running-powerhshell-addcomputer-as-localsystem-fails?forum=winserverGP but none of the suggestions made have worked so far.

ramon-garcia avatar Jan 27 '18 17:01 ramon-garcia

Hi @ramon-garcia - are you able to paste a copy of the DSC config you're using in here (with sensitive info masked)?

PlagueHO avatar Jan 27 '18 18:01 PlagueHO

Names are fictional

$credential is entered interactively with $credential = Get-Credential during policy generation.

```powershell
xComputer initial
{
    Name          = 'myhostname'
    DomainName    = 'mydomain.mycompany'
    Credential    = $credential
    WorkGroupName = $null
    JoinOU        = 'OU=subpol2,OU=subpol1,OU=SomeServerType,OU=MyServers,DC=mydomain,DC=mycompany'
}
```

ramon-garcia avatar Jan 27 '18 22:01 ramon-garcia

Hi @ramon-garcia - are you able to try using the PsDscRunAsCredential parameter to the resource to have it applied under the context of the Domain Admin to see if that resolves the issue? See this page for more info: https://docs.microsoft.com/en-us/powershell/dsc/runasuser

PlagueHO avatar Mar 06 '18 19:03 PlagueHO
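
The suggestion in the last comment, written out as an added example (not code posted by anyone in this thread): the thread's fictional configuration with `PsDscRunAsCredential` set, compiled so that both credentials are encrypted in the MOF rather than stored in clear text. Assumptions: the resource comes from the xComputerManagement module, `$RunAsCredential` is a hypothetical parameter name, and the certificate path and thumbprint are placeholders.

```powershell
# Added example. Host, domain and OU names are the thread's fictional values;
# the certificate path and thumbprint are placeholders, not real values.
$configData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            # Public key of the node's document-encryption certificate.
            # With it, credentials are written to the MOF encrypted.
            # Without it, compilation fails unless PsDscAllowPlainTextPassword
            # is set, which leaves the passwords readable in the MOF file.
            CertificateFile = 'C:\dsc\DscPublicKey.cer'
            # The LCM on the node needs CertificateID set to this same
            # thumbprint so that it can decrypt the credentials.
            Thumbprint      = '<CERTIFICATE-THUMBPRINT-PLACEHOLDER>'
        }
    )
}

Configuration JoinDomain
{
    param
    (
        # Account allowed to join computers to the domain (as in the thread).
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $Credential,

        # Hypothetical parameter: account the resource runs as, in place of LocalSystem.
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $RunAsCredential
    )

    Import-DscResource -ModuleName xComputerManagement   # assumed module name

    Node $AllNodes.NodeName
    {
        xComputer initial
        {
            Name                 = 'myhostname'
            DomainName           = 'mydomain.mycompany'
            Credential           = $Credential
            JoinOU               = 'OU=subpol2,OU=subpol1,OU=SomeServerType,OU=MyServers,DC=mydomain,DC=mycompany'
            # Common DSC property (WMF 5.0+): applies only this resource under another account.
            PsDscRunAsCredential = $RunAsCredential
        }
    }
}

JoinDomain -ConfigurationData $configData -Credential (Get-Credential) -RunAsCredential (Get-Credential)
```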