If you run net ads join OU#50, you will get the invalid_dn_syntax error. This is
a valid OU, so net should be able to add our machine account there.
1. Create an OU named OU#55
2. Run net ads join OU#55 -Uadministrator%password
3. Notice the error
A little more info here: an OU cannot contain a # unless it is escaped. This is
LDAP syntax. If you actually look in the LDAP tree in your domain, OU#55 will
be called ou=OU\#55,dc=...etc.
However, we currently assume all \ and / characters mean that string is supposed
to be converted to a "path" of OUs, so OU\#55 is converted to ou=#55,ou=OU,dc=...
and a\b\c would be ou=c,ou=b,ou=a,dc=...
I'm proposing that we change it to only accept / as a separator, but I'm waiting
for some feedback first.
Fixed in r14931. Sorry it took so long to check in.
I changed it to use only '/' as the separator for multiple levels of OU. Special chars such as # aren't allowed in LDAP, but ads uses '\' to escape them. The join will require "ou\\#55" on the commandline, as you need to escape the escape char :-).