Hi
In addition to the previously mentioned prerequisites, when joining an Active Directory domain the user account utilized for the joining must have correct permissions in the domain.
The user account must have the domain permission to create computer accounts, and in addition to this, the account must have permission to edit the created computer account.
Often users have just the right to join the domain and not to edit the computer object. Hence the ClearPass domain join will fail.
Either the user utilized in the domain join must be granted permission to edit the computer object created or as a domain administrator to perform the join operation.
One way to achieve the correct permissions in an environment with strict security is to ask a domain administrator to add the computer object first, and grant the user account utilized for the domain join operation permission to edit the computer account.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Nov 14, 2022 11:32 AM
From: John ramos
Subject: Clear Pass Join LDAP
Hi Everyone
I am trying to joing CLaer pass against LDAP
I get this error