When setting up Device Trust for Windows machines, as described in Enforce Okta Device Trust for managed Windows computers, and the device registration task has been installed, the following error appears in the Event Viewer logs:
Exception running the Device Trust client for user DOMAIN\USER : System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
- Device trust
- Okta Classic Engine
- Device Trust for Windows
The error is caused by missing permissions in Active Directory.
- The user running the Device Trust client must have Read permissions on the Domain Controllers, the User object, and the Organizational Units that contain the user and computer objects. If this permission is missing or restricted, the client cannot perform the necessary AD lookups.
- Ensure that full Read permissions are granted on each of these objects.
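The following PowerShell script is an added example for auditing the permissions described above; it is not part of the Okta article. It assumes the RSAT ActiveDirectory module on a domain-joined host with rights to read AD ACLs, and the values `DOMAIN\USER` and the computer name are placeholders to replace. For each object the article names (the Domain Controllers OU, the user object, and the OUs holding the user and computer objects) it lists the ACEs that grant or deny Read-class rights to the account or its direct groups.

```powershell
# Added example (not Okta's code): audit Read access for the Device Trust client
# account on the AD objects the article names. Requires the RSAT ActiveDirectory
# module; 'DOMAIN\USER' and $ComputerName are placeholders to replace.
Import-Module ActiveDirectory

$Account      = 'DOMAIN\USER'          # placeholder: account that runs the Device Trust client
$ComputerName = $env:COMPUTERNAME      # placeholder: the managed Windows computer being registered

$domain   = Get-ADDomain
$user     = Get-ADUser -Identity ($Account.Split('\')[-1])
$computer = Get-ADComputer -Identity $ComputerName

# Parent container of a DN (strips the leading RDN). Assumes no escaped commas in the RDN.
function Get-ParentDN([string]$dn) { $dn -replace '^[^,]+,', '' }

# The objects the article says need Read: Domain Controllers, the user object,
# and the OUs that contain the user and computer objects.
$targets = [ordered]@{
    'Domain Controllers OU' = $domain.DomainControllersContainer
    'User object'           = $user.DistinguishedName
    'User OU'               = Get-ParentDN $user.DistinguishedName
    'Computer OU'           = Get-ParentDN $computer.DistinguishedName
}

# Identities that can carry the grant: the account itself, its direct groups, and
# well-known principals it always belongs to. Nested groups are not expanded,
# so "no grant found" means "investigate further", not "definitely denied".
$principals = @($Account.ToUpperInvariant())
$principals += Get-ADPrincipalGroupMembership -Identity $user |
    ForEach-Object { "$($domain.NetBIOSName)\$($_.SamAccountName)".ToUpperInvariant() }
$principals += 'EVERYONE', 'NT AUTHORITY\AUTHENTICATED USERS'

# Rights that satisfy a Read requirement on a directory object.
$readMask = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead -bor
            [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
            [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

foreach ($name in $targets.Keys) {
    $dn  = $targets[$name]
    $acl = Get-Acl -Path "AD:\$dn"

    # On the user's own object, rights granted to SELF also apply to this account.
    $allowed = $principals
    if ($name -eq 'User object') { $allowed += 'NT AUTHORITY\SELF' }

    $hits = @($acl.Access | Where-Object {
        ($allowed -contains $_.IdentityReference.Value.ToUpperInvariant()) -and
        (($_.ActiveDirectoryRights -band $readMask) -ne 0)
    })

    foreach ($ace in $hits) {
        # ReadProperty scoped to an ObjectType GUID covers one attribute or property set,
        # not the whole object; an empty GUID means the right applies to all attributes.
        $scope = if ($ace.ObjectType -eq [guid]::Empty) { 'all attributes' } else { "attribute/set $($ace.ObjectType)" }
        [pscustomobject]@{
            Target   = $name
            Identity = $ace.IdentityReference.Value
            Type     = $ace.AccessControlType     # Deny entries override Allow entries
            Rights   = $ace.ActiveDirectoryRights
            Scope    = $scope
        }
    }

    if ($hits.Count -eq 0) {
        Write-Warning "No Read ACE found for $Account or its direct groups on '$name' ($dn)"
    }
}
```

Run it as an account that can read the ACLs of the listed objects. A target that produces only a warning, or whose only matching entries are Deny entries or ReadProperty entries scoped to a single attribute, is the one to fix by granting full Read on that object.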
