Article ID: 330095 - View products that this article applies to.
This article was previously published under Q330095
When you try to join a computer to a domain, the join process might not work, and you might receive an "Access denied" (in Windows XP) or an "Insufficient privileges" (in Microsoft Windows 2000) error message. You receive the error message under the following conditions:
The client uses a Lightweight Directory Access Protocol (LDAP) server or domain controller that has not yet replicated the account deletion, but does not have correct permissions to modify the account that still exists.
To work around this behavior, use any of the following methods:
Although the client looks for the site in which it is located, the client looks in Domain Name System ( DNS) for LDAP servers in "_ldap._tcp.dc._msdcs.DnsDomainName." This is not site-specific. The client might use an LDAP server (a domain controller) from a remote site that has not yet replicated the deletion of the old computer account. This depends on the Active Directory inter-site replication schedule.
The site information that is received from the LDAP server is used to find the site-specific LDAP servers in "_ldap._tcp.ClientSiteName._sites.dc._msdcs.DnsDomainName." During communication with the local LDAP servers, the client is made aware that its computer account name exists only at the domain controller that is first used. To avoid a potential replication conflict issue, the client uses a domain controller on which the computer account is already known instead of creating a new account. However, the domain user account that you are using for the join process does not have enough permissions to modify the existing account, so the join does not work.
For additional information about the domain controller locator process, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/247811/EN-US/ )How Domain Controllers Are Located in Windows
(http://support.microsoft.com/kb/314861/EN-US/ )How Domain Controllers Are Located in Windows XP