JoinDomain problem
Hello,
In the task sequence, we are receiving this error:
No mapping between account names and security IDs was done. (Error: 80070534; Source: Windows).
Usually, when this error happens, it's because the old computer account hasn't been deleted in Active Directory.
But today, we tried to install the Win7 image on 2 brand new computers and received this error message for both.
The account that we use to join the domain has the correct rights and it's not disabled or locked out.
November 12th, 2010 9:53am
If you are reusing existing computer names you also need to assign permissions to update existing objects. Here is a minimal list of permissions needed on the OU holding the computer accounts:
Scope: This object and all child objects is selected
- Create Computer objects
- Delete Computer objects
Scope: Computer objects
- Read All Properties
- Write All Properties
- Read Permissions
- Modify Permissions
- Change Password
- Reset Password
- Validated write to DNS host name
- Validated write to service principal name
/ Johan
November 14th, 2010 7:02am
Hi,
Thanks for your response.
I added the permissions on the OU for the user used to join the domain, and now I received this error message:
The task sequence execution engine failed execution of a task sequence. The operating system reported error 50: The request is not supported.
Thanks!
November 15th, 2010 12:01pm
What does netsetup.log say? (found in c:\windows\debug\)
My step by step
SCCM Guides
I'm on Twitter > ncbrady
November 15th, 2010 2:18pm
Hi Niall,
Here's the content of the netsetup.log
11/15/2010 11:48:04:545 -----------------------------------------------------------------
11/15/2010 11:48:04:545 NetpDoDomainJoin
11/15/2010 11:48:04:545 NetpMachineValidToJoin: 'DSK11104'
11/15/2010 11:48:04:545 OS Version: 6.1
11/15/2010 11:48:04:545 Build number: 7600 (7600.win7_gdr.100618-1621)
11/15/2010 11:48:04:592 SKU: Windows 7 Enterprise
11/15/2010 11:48:04:592 NetpGetLsaPrimaryDomain: status: 0x0
11/15/2010 11:48:04:592 NetpMachineValidToJoin: status: 0x0
11/15/2010 11:48:04:592 NetpJoinWorkgroup: joining computer 'DSK11104' to workgroup 'workgroup'
11/15/2010 11:48:04:592 NetpValidateName: checking to see if 'workgroup' is valid as type 2 name
11/15/2010 11:48:04:607 NetpCheckNetBiosNameNotInUse for 'workgroup' [ Workgroup as MACHINE] returned 0x0
11/15/2010 11:48:04:607 NetpValidateName: name 'workgroup' is valid for type 2
11/15/2010 11:48:04:623 NetpSetLsaPrimaryDomain: for 'workgroup' status: 0x0
11/15/2010 11:48:04:623 NetpJoinWorkgroup: status: 0x0
11/15/2010 11:48:04:623 NetpDoDomainJoin: status: 0x0
11/15/2010 11:58:42:778 -----------------------------------------------------------------
11/15/2010 11:58:42:778 NetpDoDomainJoin
11/15/2010 11:58:42:778 NetpMachineValidToJoin: 'DSK11104'
11/15/2010 11:58:42:778 OS Version: 6.1
11/15/2010 11:58:42:778 Build number: 7600 (7600.win7_gdr.100618-1621)
11/15/2010 11:58:42:794 SKU: Windows 7 Enterprise
11/15/2010 11:58:42:794 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/15/2010 11:58:42:794 NetpGetLsaPrimaryDomain: status: 0x0
11/15/2010 11:58:42:794 NetpMachineValidToJoin: status: 0x0
11/15/2010 11:58:42:794 NetpJoinDomain
11/15/2010 11:58:42:794 Machine: DSK11104
11/15/2010 11:58:42:794 Domain: Domain.com
11/15/2010 11:58:42:794 MachineAccountOU: (NULL)
11/15/2010 11:58:42:794 Account: Domain\soe
11/15/2010 11:58:42:794 Options: 0x3
11/15/2010 11:58:42:794 NetpLoadParameters: loading registry parameters...
11/15/2010 11:58:42:794 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/15/2010 11:58:42:794 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/15/2010 11:58:42:794 NetpLoadParameters: status: 0x2
11/15/2010 11:58:42:794 NetpValidateName: checking to see if 'Domain.com' is valid as type 3 name
11/15/2010 11:58:42:919 NetpCheckDomainNameIsValid [ Exists ] for 'Domain.com' returned 0x0
11/15/2010 11:58:42:919 NetpValidateName: name 'Domain.com' is valid for type 3
11/15/2010 11:58:42:919 NetpDsGetDcName: trying to find DC in domain 'Domain.com', flags: 0x40001010
11/15/2010 11:58:56:459 NetpDsGetDcName: failed to find a DC having account 'DSK11104$': 0x525, last error is 0x0
11/15/2010 11:58:56:459 NetpLoadParameters: loading registry parameters...
11/15/2010 11:58:56:459 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/15/2010 11:58:56:459 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/15/2010 11:58:56:459 NetpLoadParameters: status: 0x2
11/15/2010 11:58:56:459 NetpDsGetDcName: status of verifying DNS A record name resolution for 'srv10601.Domain.com': 0x0
11/15/2010 11:58:56:459 NetpDsGetDcName: found DC '\\srv10601.Domain.com' in the specified domain
11/15/2010 11:58:56:459 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
11/15/2010 11:58:56:600 NetpJoinDomain: status of connecting to dc '\\srv10601.Domain.com': 0x0
11/15/2010 11:58:56:600 NetpProvisionComputerAccount:
11/15/2010 11:58:56:600 lpDomain: Domain.com
11/15/2010 11:58:56:600 lpMachineName: DSK11104
11/15/2010 11:58:56:600 lpMachineAccountOU: (NULL)
11/15/2010 11:58:56:600 lpDcName: srv10601.Domain.com
11/15/2010 11:58:56:600 lpDnsHostName: (NULL)
11/15/2010 11:58:56:600 lpMachinePassword: (null)
11/15/2010 11:58:56:600 lpAccount: Domain\soe
11/15/2010 11:58:56:600 lpPassword: (non-null)
11/15/2010 11:58:56:600 dwJoinOptions: 0x3
11/15/2010 11:58:56:600 dwOptions: 0x40000003
11/15/2010 11:58:56:647 NetpLdapBind: Verified minimum encryption strength on srv10601.Domain.com: 0x0
11/15/2010 11:58:56:647 NetpLdapGetLsaPrimaryDomain: reading domain data
11/15/2010 11:58:56:647 NetpGetNCData: Reading NC data
11/15/2010 11:58:56:662 NetpGetDomainData: Lookup domain data for: DC=Domain,DC=com
11/15/2010 11:58:56:662 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=Domain,DC=com
11/15/2010 11:58:56:662 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Cracking DNS domain name Domain.com/ into Netbios on \\srv10601.Domain.com
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Crack results: name = Domain\
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Cracking account name Domain\DSK11104$ on \\srv10601.Domain.com
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Crack results: Account does not exist
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Cracking Netbios domain name Domain\ into root DN on \\srv10601.Domain.com
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Crack results: name = DC=Domain,DC=com
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Got DN CN=DSK11104,CN=Computers,DC=Domain,DC=com from the default computer container
11/15/2010 11:58:56:740 NetpModifyComputerObjectInDs: Initial attribute values:
11/15/2010 11:58:56:740 objectClass = Computer
11/15/2010 11:58:56:740 SamAccountName = DSK11104$
11/15/2010 11:58:56:740 userAccountControl = 0x1000
11/15/2010 11:58:56:740 DnsHostName = DSK11104.Domain.com
11/15/2010 11:58:56:740 ServicePrincipalName = HOST/DSK11104.Domain.com RestrictedKrbHost/DSK11104.Domain.com HOST/DSK11104 RestrictedKrbHost/DSK11104
11/15/2010 11:58:56:740 unicodePwd = <SomePassword>
11/15/2010 11:58:56:740 NetpModifyComputerObjectInDs: Computer Object does not exist in OU
11/15/2010 11:58:56:740 NetpModifyComputerObjectInDs: Attribute values to set:
11/15/2010 11:58:56:740 objectClass = Computer
11/15/2010 11:58:56:740 SamAccountName = DSK11104$
11/15/2010 11:58:56:740 userAccountControl = 0x1000
11/15/2010 11:58:56:740 DnsHostName = DSK11104.Domain.com
11/15/2010 11:58:56:740 ServicePrincipalName = HOST/DSK11104.Domain.com RestrictedKrbHost/DSK11104.Domain.com HOST/DSK11104 RestrictedKrbHost/DSK11104
11/15/2010 11:58:56:740 unicodePwd = <SomePassword>
11/15/2010 11:58:56:740 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
11/15/2010 11:58:56:740 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
11/15/2010 11:58:56:740 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
11/15/2010 11:58:56:740 NetpProvisionComputerAccount: LDAP creation failed: 0x5
11/15/2010 11:58:56:740 NetpProvisionComputerAccount: Retrying downlevel per options
11/15/2010 11:58:56:787 NetpManageMachineAccountWithSid: NetUserAdd on 'srv10601.Domain.com' for 'DSK11104$' failed: 0x216d
11/15/2010 11:58:56:787 NetpProvisionComputerAccount: retry status of creating account: 0x216d
11/15/2010 11:58:56:787 ldap_unbind status: 0x0
11/15/2010 11:58:56:787 NetpJoinDomainOnDs: Function exits with status of: 0x216d
11/15/2010 11:58:56:787 NetpJoinDomainOnDs: status of disconnecting from '\\srv10601.Domain.com': 0x0
11/15/2010 11:58:56:787 NetpDoDomainJoin: status: 0x216d
11/15/2010 11:58:56:803 -----------------------------------------------------------------
11/15/2010 11:58:56:803 NetpDoDomainJoin
11/15/2010 11:58:56:803 NetpMachineValidToJoin: 'DSK11104'
11/15/2010 11:58:56:803 OS Version: 6.1
11/15/2010 11:58:56:803 Build number: 7600 (7600.win7_gdr.100618-1621)
11/15/2010 11:58:56:803 SKU: Windows 7 Enterprise
11/15/2010 11:58:56:803 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/15/2010 11:58:56:803 NetpGetLsaPrimaryDomain: status: 0x0
11/15/2010 11:58:56:803 NetpMachineValidToJoin: status: 0x0
11/15/2010 11:58:56:803 NetpJoinDomain
11/15/2010 11:58:56:803 Machine: DSK11104
11/15/2010 11:58:56:803 Domain: Domain.com
11/15/2010 11:58:56:803 MachineAccountOU: (NULL)
11/15/2010 11:58:56:803 Account: Domain\soe
11/15/2010 11:58:56:803 Options: 0x1
11/15/2010 11:58:56:803 NetpLoadParameters: loading registry parameters...
11/15/2010 11:58:56:803 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/15/2010 11:58:56:803 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/15/2010 11:58:56:803 NetpLoadParameters: status: 0x2
11/15/2010 11:58:56:803 NetpValidateName: checking to see if 'Domain.com' is valid as type 3 name
11/15/2010 11:58:56:927 NetpCheckDomainNameIsValid [ Exists ] for 'Domain.com' returned 0x0
11/15/2010 11:58:56:927 NetpValidateName: name 'Domain.com' is valid for type 3
11/15/2010 11:58:56:927 NetpDsGetDcName: trying to find DC in domain 'Domain.com', flags: 0x40001010
11/15/2010 11:59:10:453 NetpDsGetDcName: failed to find a DC having account 'DSK11104$': 0x525, last error is 0x0
11/15/2010 11:59:10:453 NetpLoadParameters: loading registry parameters...
11/15/2010 11:59:10:453 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/15/2010 11:59:10:453 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/15/2010 11:59:10:453 NetpLoadParameters: status: 0x2
11/15/2010 11:59:10:453 NetpDsGetDcName: status of verifying DNS A record name resolution for 'srv10601.Domain.com': 0x0
11/15/2010 11:59:10:453 NetpDsGetDcName: found DC '\\srv10601.Domain.com' in the specified domain
11/15/2010 11:59:10:453 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
11/15/2010 11:59:10:453 NetpJoinDomain: status of connecting to dc '\\srv10601.Domain.com': 0x0
11/15/2010 11:59:10:453 NetpProvisionComputerAccount:
11/15/2010 11:59:10:453 lpDomain: Domain.com
11/15/2010 11:59:10:453 lpMachineName: DSK11104
11/15/2010 11:59:10:453 lpMachineAccountOU: (NULL)
11/15/2010 11:59:10:453 lpDcName: srv10601.Domain.com
11/15/2010 11:59:10:453 lpDnsHostName: (NULL)
11/15/2010 11:59:10:453 lpMachinePassword: (null)
11/15/2010 11:59:10:453 lpAccount: Domain\soe
11/15/2010 11:59:10:453 lpPassword: (non-null)
11/15/2010 11:59:10:453 dwJoinOptions: 0x1
11/15/2010 11:59:10:453 dwOptions: 0x40000003
11/15/2010 11:59:10:468 NetpLdapBind: Verified minimum encryption strength on srv10601.Domain.com: 0x0
11/15/2010 11:59:10:468 NetpLdapGetLsaPrimaryDomain: reading domain data
11/15/2010 11:59:10:468 NetpGetNCData: Reading NC data
11/15/2010 11:59:10:484 NetpGetDomainData: Lookup domain data for: DC=Domain,DC=com
11/15/2010 11:59:10:484 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=Domain,DC=com
11/15/2010 11:59:10:484 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
11/15/2010 11:59:10:484 NetpGetComputerObjectDn: Cracking DNS domain name Domain.com/ into Netbios on \\srv10601.Domain.com
11/15/2010 11:59:10:499 NetpGetComputerObjectDn: Crack results: name = Domain\
11/15/2010 11:59:10:499 NetpGetComputerObjectDn: Cracking account name Domain\DSK11104$ on \\srv10601.Domain.com
11/15/2010 11:59:10:499 NetpGetComputerObjectDn: Crack results: Account does not exist
11/15/2010 11:59:10:515 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
11/15/2010 11:59:10:515 NetpProvisionComputerAccount: LDAP creation failed: 0x534
11/15/2010 11:59:10:515 ldap_unbind status: 0x0
11/15/2010 11:59:10:515 NetpJoinDomainOnDs: Function exits with status of: 0x534
11/15/2010 11:59:10:515 NetpJoinDomainOnDs: status of disconnecting from '\\srv10601.Domain.com': 0x0
11/15/2010 11:59:10:515 NetpDoDomainJoin: status: 0x534
November 15th, 2010 2:45pm
Well, you have this > 11/15/2010 11:58:56:740 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS ), data 0
So are you sure you are using an account with permissions to do this? Are you using nested OUs? If so, check this post.
I also found this - see the bit in bold:
Troubleshooting SceCli Event ID 1202
The presence of SceCli event ID 1202 in the application event log indicates that there might be problems with Active Directory replication, especially if the error text for this message contains a Win32 error code of either Error 1332 (0x534) or Error 1332 (0x6fc). The procedure for troubleshooting this event with either hexadecimal code is the same.
Procedure for Troubleshooting SceCli Event ID 1202
1. Enable logging for winlogon.log by changing the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\<GUID name of CSE>. This creates the winlogon.log file in the %systemroot%\security\logs folder.
Caution: The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back up system state first. For information about backing up system state, see "Active Directory Backup and Restore" in this guide.
2. Search the winlogon.log file for errors. At a command prompt, type the following and press ENTER:
FIND /I "error" %SYSTEMROOT%\security\logs\winlogon.log
This shows the account that is causing the problem. Determine why the account is causing the problem (for example, mistyped account, deleted account, or wrong policy was applied). If you determine that you need to remove this account from the policy, continue to the next step to determine which policy and setting to change.
3. To find which setting contains the unresolved account, type the following command at a command prompt and press ENTER:
Find /I "<account>" %systemroot%\security\templates\policies\gpt*.*
This shows the cached template from the GPO that contains the setting that is causing the problem. View the template and search for a line that begins with "GPOPath=" and the GUID of the policy you need to change.
4. Map the GUID of the problem GPO to its friendly name. Use the Gpresults.exe tool from the Windows 2000 Server Resource Kit to obtain extensive output from the computer that generated the events. Search the results for the GUID you identified from the previous step.
If you cannot find the GUID in the output from the Gpresults.exe tool, use Search.vbs. Type the following command at a command prompt and press ENTER:
Search.vbs LDAP://CN=Policies,CN=System,DC=<domain>,DC=<domain> /C:(objectClass=groupPolicyContainer) /P:name,displayName
5. Repair or modify the GPO, as necessary.
My step by step
SCCM Guides
I'm on Twitter > ncbrady
November 15th, 2010 3:03pm
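The reading of netsetup.log started in the reply above, as an added example that is not part of the thread: it splits the log into join attempts and reports each attempt's target DN, first failing call and final status, so the earlier 0x5 is not hidden behind the later 0x534. The function name and the shortened sample lines are assumptions of this example; the Win32 names are from winerror.h.

```python
import re

# Win32 codes seen in the thread's log; names are from winerror.h.
WIN32 = {0x0: "ERROR_SUCCESS", 0x5: "ERROR_ACCESS_DENIED", 0x534: "ERROR_NONE_MAPPED",
         0x216D: "ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED"}
STAMP = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}\s+")
LAST_HEX = re.compile(r"(0x[0-9a-fA-F]+)\s*$")

# Sample input: lines shortened from the log posted in this thread (two attempts).
SAMPLE = """
11/15/2010 11:58:42:778 NetpDoDomainJoin
11/15/2010 11:58:42:794 MachineAccountOU: (NULL)
11/15/2010 11:58:42:794 Options: 0x3
11/15/2010 11:58:56:725 NetpGetComputerObjectDn: Got DN CN=DSK11104,CN=Computers,DC=Domain,DC=com from the default computer container
11/15/2010 11:58:56:740 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
11/15/2010 11:58:56:787 NetpManageMachineAccountWithSid: NetUserAdd on 'srv10601.Domain.com' for 'DSK11104$' failed: 0x216d
11/15/2010 11:58:56:787 NetpDoDomainJoin: status: 0x216d
11/15/2010 11:58:56:803 NetpDoDomainJoin
11/15/2010 11:58:56:803 Options: 0x1
11/15/2010 11:59:10:515 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
11/15/2010 11:59:10:515 NetpDoDomainJoin: status: 0x534
"""

def parse_attempts(text):
    """Split netsetup.log text into join attempts and summarise each one."""
    attempts, cur = [], None
    for raw in text.splitlines():
        msg = STAMP.sub("", raw.strip())
        if msg == "NetpDoDomainJoin":  # marks the start of a new attempt
            cur = dict(options=None, ou=None, dn=None, first_failure=None, status=None)
            attempts.append(cur)
        elif cur is None: continue  # text before the first attempt marker
        elif msg.startswith("Options:"):
            cur["options"] = int(msg.split()[-1], 16)
        elif msg.startswith("MachineAccountOU:"):
            cur["ou"] = msg.split(":", 1)[1].strip()
        elif "Got DN " in msg:  # where the computer object would be created
            cur["dn"] = msg.split("Got DN ", 1)[1].split(" from ")[0]
        elif " failed: 0x" in msg and cur["first_failure"] is None:
            code = int(LAST_HEX.search(msg).group(1), 16)  # last hex is the Win32 code
            cur["first_failure"] = (msg.split(":")[0], code, WIN32.get(code, "unknown"))
        elif msg.startswith("NetpDoDomainJoin: status:"):
            code = int(msg.split()[-1], 16)
            cur["status"] = (code, WIN32.get(code, "unknown"))
    return attempts

if __name__ == "__main__":
    for n, a in enumerate(parse_attempts(SAMPLE), 1):
        print(n, a)
```

On the thread's log this reports MachineAccountOU as (NULL) and the create aimed at CN=Computers, the default computer container, where ldap_add_s was refused with access denied before the later statuses appeared.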