A quick note to document an issue a couple of my colleagues saw yesterday. While trying to join a RedHat machine to one of our domains, they got the following error:
Insufficient quota exists to complete the operation
I got involved and we checked the usual suspects like if the domain is working properly, time, account used to join the domain etc. It was slightly confusing as I could join my machines to the domain without issues, meaning everything was normal.
After a bit of head-scratching, our attention went to the fact that by default, Active Directory will let an authenticated user join up to 10 machines to the domain. In case you haven’t see the article, here it is: Default limit to number of workstations a user can join to the domain. Indeed, there were 10 machines in the container where my colleagues’ machines were going. So, we removed one and hey presto, next machine joined the domain.
Great! But that didn’t explain why we had such a problem because the account used to join machines to the domain, had delegated rights to create/delete computer objects and the default limit should not apply to such accounts, as mentioned in “Method 2” of this article: Domain Users Cannot Join Workstation or Server to a Domain
Then I realised it was because the account only had delegated rights on a specific OU, not everywhere and hence the problem. I asked my colleague to modify his script to mention the OU (–computer-ou=”<Distinguished Name of the OU>” in RedHat’s case) where the account had the rights and all was good again!
As you can tell, this problem is not unique to any OS. The error message might be slightly different for other operating systems but wording would probably be similar.
Moral of the story: It’s easy to forget/overlook so make sure to join the machine to the OU where the designated account has rights to create/delete computer objects or you will start seeing the issue above after joining 10 machines to the domain.