Jamf Nation Community

Does the computer object already exist on the domain? I would check for that. Also verify the system time matches with your domain controller; normally this will be set automatically, but always good to check.
Also, have the Windows admins check the domain controller logs; assuming you have multiple DCs, you may want to specify a particular DC in the dsconfigad command so they can look at the System (I think) log to see why it is being rejected.

OSX 10.12.3

already checked for computer object on the domain - found it and deleted it
verified system time is in sync

i've disabled SPI:
csrutil status
System Integrity Protection status: disabled.

and am trying to use dtrace or dtruss to determine whats going on behind the scenes.

Also tried nc foo.bar.domain.cop 389 and verified network/protocol connectivity

@yrs The only time I've experienced this kind of issue where I was totally unable to re-bind the machine to a domain with the exact error you are getting was on OS 10.8.5 - in which I had to re-image the machine. I tried for days to get it to work and attempted everything I knew with no luck. Imaging it was a faster resolution and then I never seen it again.

Found the problem. The hostname of the machine got incorrectly set to a garbage value. using the following i could correctly update the computer name, after that it just worked!

scutil --set LocalHostName $login

Thanks for all your help!