Failed to join domain. AD error code 8557 | Nutanix Community
Skip to main content

As per this Microsoft article, the error code 8557 is ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED. This means that the user has joined so many computers that they exceeded the default per-user computer quota policy, which is 10.

 

Solution

In order to resolve the issue, you need to have Admin rights to AD to edit the Active Directory Service Interfaces (ADSI) utility following the below steps.

  1. Log in to the Active Directory Controller.
  2. Click Start -> Run and enter "adsiedit.msc"
  3. Expand the Domain node, right-click on the object that begins with “DC=” and contains the domain name of your domain.
  4. Click Properties.
  5. Find ms-DS-MachineAccountQuota on the Attribute Editor tab and click Edit.
  6. Enter the number of workstations you want users to be able to add. If you set it to 0, then they cannot add workstations at all. If you do not want a limit, click ClearDO NOT JUST DELETE IT!
  7. Click OK to close the Integer Attribute Editor dialog box and OK again to close the Properties box.
  8. Close ADSI Edit.
  9. Come back to your Frame Admin console and reboot the VMs that have the issue.
  10. If all VMs are having the issue, set capacity to 0 and back to N number.