This operation is only allowed from the Primary Domain Controller of the domain

Mountain Pond 1,346 Reputation points
2023-04-11T18:04:31.0166667+00:00

Hi, can you help me figure out what is causing this error:

Add-Computer -Credential $Cred -Server "dc03.contoso.com" -DomainName numerix.com -Force

This operation is only allowed from the Primary Domain Controller of the domain

Or like this: DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "contoso.com":

The query was for the SRV record for _ldap._tcp.dc._msdcs.contoso.com when I try to add the device to the domain.

The fact is that there are three domain controllers. Network traffic is open between them and replication is successful. The host is on the same network as DC03, but the network between DC01, DC02 and Host is isolated.

All FQDN roles on DC01.

I don't understand why there is a dependency on the PDC if the computer is added to the domain or re-added. If I allow traffic to DC01, DC02 - no problem. I also tried resetting the secure channel for DC03, but that didn't work. Thank you.


Accepted answer
  1. Dave Patrick 426.2K Reputation points MVP
    2023-04-11T18:12:34.2433333+00:00

    You'll just need access to a writeable domain controller to do a domain join.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
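
One way to check, from the host that fails to join, which domain controllers it can actually reach and what the DC locator returns when a writable DC or the PDC is required. This is an added example, not part of the original question or answer; the domain name is the one from the question, and the port list is an assumption about what the join needs.

```powershell
# Added example: run on the host being joined. Domain name taken from the question.
$Domain = 'contoso.com'

# Assumed port set for the check: Kerberos, RPC endpoint mapper, LDAP, SMB.
$Ports = 88, 135, 389, 445

# SRV records the DC locator uses: any DC, and the PDC emulator specifically.
$Queries = [ordered]@{
    'AnyDC' = "_ldap._tcp.dc._msdcs.$Domain"
    'PDC'   = "_ldap._tcp.pdc._msdcs.$Domain"
}

$Results = foreach ($role in $Queries.Keys) {
    # Keep only SRV answers; the response may also carry A/AAAA records.
    $srv = Resolve-DnsName -Name $Queries[$role] -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    if (-not $srv) {
        [pscustomobject]@{ Role = $role; Target = '(no SRV record)'; Port = $null; Reachable = $false }
        continue
    }

    foreach ($rec in $srv) {
        foreach ($port in $Ports) {
            # -InformationLevel Quiet makes Test-NetConnection return $true/$false.
            $ok = Test-NetConnection -ComputerName $rec.NameTarget -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                Role = $role; Target = $rec.NameTarget; Port = $port; Reachable = $ok
            }
        }
    }
}

# A DC that resolves in DNS but shows Reachable = False is blocked at the network layer.
$Results | Sort-Object Role, Target, Port | Format-Table -AutoSize

# Ask the DC locator which DC it selects under each constraint.
nltest "/dsgetdc:$Domain" /writable
nltest "/dsgetdc:$Domain" /pdc
```

If the table shows the PDC target unreachable while DC03 is reachable, the host can locate a DC but cannot contact the one holding the PDC role, which matches the isolation described in the question.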

