Directory Service is Busy in Windows EC2 Add-Computer PS Command

Hello,
This error happens when you push a large load on your Directory Service. Basically, when you try to rename multiple computers (For example – when you try to launch 10 instances with user data to Domain Join and subsequently rename the computer)

On a high level, it happens due to a write-conflict, i.e Two threads attempting to modify the same object in AD at the same time. This is mainly due to the complicated design of inter-dependent services that work asynchronously to complete the domain join operation.

In an Ideal scenario, first thread should complete before the second thread execution is started. However, given the async nature of the domain join operations, it is not possible to always ensure the sequence as-is and hence the issue will be seen intermittently and not on all machines.

Solution:-

The best solution would be to update the PowerShell script to handle failure and retry the rename operation after ‘X’ seconds. Or, alternatively, trigger the rename computer in a separate statement after waiting for a few seconds. A sample PowerShell might look as follows:

Add-Computer -ComputerName localhost -DomainName "test.aws.local" -Credential $credentials -Force -ErrorVariable JoinError
Write-Host "Waiting 10 seconds for netlogon session to complete"
sleep(10)
Write-Host "Proceeding to rename machine..."
Rename-Computer -NewName $computername -DomainCredential $credentials

In above PowerShell example, it will wait for 10 seconds so that one thread is completed before the next one is executed avoiding conflict. You can modify the sleep time because it varies on several factor depending on the environment.