User profile for user: jnovack
jnovack Author
User level: Level 1
8 points

10.7.3 dsconfigad: The plugin encountered an error processing request. (10001)

After I reinstalled Lion 10.7 from CD:


Either via:

1) The GUI

a) System -> Users and Groups -> Login Options -> Join..

2) The command line

a) dsconfig -add domain.name -username adminstrator -computer computername


I get the error:

10.7) dsconfigad: Unknown error code. (1)

10.7.3) dsconfigad: The plugin encountered an error processing request. (10001)


I've tried and retried every combination of every option in both the GUI and command line. So don't ask if I've tried "x" command line option, I did (unless it's hidden).


I just did another 10.6.8 (Mac mini 2010) client in my environment, worked fine. I just did TWO other 10.7.3 (Macbook Pro 2011) clients in my environment, worked fine.


The following are things I've already searched for and already confirmed: time syncing, dns search domains, dns servers, domain administrator account vs user accounts. I'm using the same methods, same instruction set, same users; on the iMac it fails, on the Macbook Pros, it works. What could be different?

iMac, Mac OS X (10.7.3), Work Desktop

Posted on Feb 28, 2012 10:38 AM

Reply
4 replies
Sort By: 
User profile for user: jnovack
jnovack Author
User level: Level 1
8 points

Feb 28, 2012 11:01 AM in response to jnovack

Through the GUI, I screen-recorded the process so I can catch the messages that fly by when I hit Bind.


* Getting Active Directory domain information...

* Getting Active Directory settings...

* Finding domain controllers...

* Checking credentials...

* Checking for existing entry...

* Joining Active Directory domain...

and... FAIL.


Update: I've tried with both a premade computer account, and with no computer account.

Update: I've tried reinstalling (and reformating). Issue STILL persists, only on this one machine.

Reply
User profile for user: jnovack
jnovack Author
User level: Level 1
8 points

Feb 29, 2012 7:22 AM in response to jnovack

SOLVED! (no thanks to you!)


On all versions of OSX Lion (10.7, .1, .2, .3), it was giving the same error for all three accounts tested: built-in domain administrator, my account (member of domain admins), and a domain user account. Errors described above. When the password was typed incorrectly, it was giving another error, (10002).


All three accounts WERE successful on other machines, which is the entire key to this story, they were just NOT successful on the iMac. All three tested accounts were not locked out, and the accounts have no login restrictions.


"Solution" is incorrect. The WORKAROUND was to use yet another account. I'm not sure what is different between the fourth account and the three I tried, but the fourth account worked.


In the end, I do not know what the problem is, where the problem is (OSX or AD) or what the solution is, I just hope that someone finds this helpful in the future.

Reply
User profile for user: jnovack
jnovack Author
User level: Level 1
8 points

Mar 8, 2012 8:57 AM in response to jnovack

MORE INFORMATION!


This just happened on a laptop which had a mobile account. After rejoining the domain, I was able to log in as OTHER domain accounts, just not the domain account that had been used previously before the rejoin.


This helped: http://flybyunix.carlcaum.com/2010/05/fixing-corrupt-mobile-account-in-snow.html


It's rare, but sometimes mobile accounts (accounts that sync to an Active Directory/LDAP entry) can become corrupt and bad things happen as a result. Common symptoms are shells not being able to start, applications claiming you don't permission to do this-or-that, etc. I still haven't found a good reason for this happening, but have discovered the corruption exists in /Local/Default/Users/<user> in the local Directory Service on the mac. Since the data is synced to Active Directory/LDAP, the easiest thing to do is simply delete the entry in Directory Service using dscl. Then when you log in with the account (using the Other option in the Login Window,) it will create a new mobile account and take over the home directory for the old account that you DIDN'T delete. Since the uid is synced, the files in the home directory are owned by new mobile account. To delete the entry in Directory Service, run the following command replacing <user> with the username of the account to be removed.


dscl . -delete /users/<user>

Reply
User profile for user: Malik-O
Malik-O
User level: Level 1
1 points

Sep 13, 2012 5:44 AM in response to jnovack

Hi Jnovack


I have the same error, i try binding client mac os x with deploystudio WorkFlow, and i have the same error that you


this computer is not bound to active directory you must bind it fiirst

dsconfigad: The plugin encountered an error processing request. (10001)


What you have do for resolve that please, my mac's client is 10.7.4 version with Lion


Thanks you for your feedback

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

10.7.3 dsconfigad: The plugin encountered an error processing request. (10001)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up