MDT Task Sequence not joining domain

I came across an issue where my MDT Task Sequence stopped joining machines to the domain. It had been working flawlessly for days and nothing had changed.

After a bit of digging, I found the following in C:\Windows\debug\NetSetup.log:

NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-031A1169, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
NetpProvisionComputerAccount: LDAP creation failed: 0x5

In my MDT setup, I have a specific AD user for joining the machine to the domain during the Task Sequence. It was a standard user with no special access rights. I then remembered that, by default, a member of Domain Users can join a domain 10 times, and that limit had been reached in this scenario.

The quickest fix is to just add the user to the Domain Admins group; however, a more secure way is to delegate that user specific domain join rights on the OU where the machines are created.
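To confirm the cause and apply the delegated fix rather than the Domain Admins shortcut, here is an added PowerShell example (mine, not part of the original post): it reads the domain's machine-account quota, counts the computer objects the join account has already created, and delegates the standard join rights on one OU with dsacls. The account name svc-mdt-join, the OU and the domain name are placeholders.

```powershell
# Added example, not from the original post. Run from an RSAT workstation as an
# account that can read the domain head and modify the target OU's ACL.
# Placeholders: change the join account, OU and domain to match your own.
Import-Module ActiveDirectory

$JoinAccount = 'svc-mdt-join'                        # placeholder: the MDT join user
$TargetOU    = 'OU=Workstations,DC=corp,DC=example'  # placeholder: OU MDT joins into

# 1. The per-user limit lives in ms-DS-MachineAccountQuota on the domain head (10 by default).
$domain = Get-ADDomain
$quota  = (Get-ADObject -Identity $domain.DistinguishedName `
             -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

# 2. Joins that consumed the quota stamp the creator's SID in mS-DS-CreatorSID;
#    joins done with delegated rights do not, so this count is exactly the quota usage.
$sid     = (Get-ADUser -Identity $JoinAccount).SID.Value
$created = Get-ADComputer -Filter * -Properties 'mS-DS-CreatorSID' |
           Where-Object { "$($_.'mS-DS-CreatorSID')" -eq $sid }
"$JoinAccount has used $(@($created).Count) of $quota quota-based computer accounts"

# 3. Delegate the minimum rights for domain join on the OU instead of using Domain Admins.
#    /I:T = this object and all children (create computer objects in the OU)
#    /I:S = sub-objects only (the computer objects themselves)
$who = "$($domain.NetBIOSName)\$JoinAccount"
dsacls $TargetOU /I:T /G "${who}:CC;computer"
dsacls $TargetOU /I:S /G "${who}:CA;Reset Password;computer" `
                        "${who}:WP;userAccountControl;computer" `
                        "${who}:WS;Validated write to DNS host name;computer" `
                        "${who}:WS;Validated write to service principal name;computer"
```

Once the rights are delegated, joins into that OU use the ACL rather than the quota, so the NetSetup.log INSUFF_ACCESS_RIGHTS error above no longer recurs as the count grows.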
