Forum Discussion
Domain join extension issue
I realize this post is very old, but it is coming up as #1 on Google at the moment for this error, so in case anyone else comes across this problem: for our scenario, we have an AADDC environment and I had noticed the default domain policy expired passwords at 90 days, overriding our Azure AD policy of no expirations.
In testing a policy that would remove this at the domain level, we created a new policy to expire at 1 day so we could tell if it was working or not. This pretty quickly expired all the passwords on the domain, and then new host deployments failed because their users were not allowed to log in due to expired passwords, so the domain joins failed with this error 53.
If you hit this error on managed AADDS, check if you have a password policy. If you don't, you might be hitting the default 90-day expiration. If you do have a policy, check the parameters; possibly your joining user just needs their password changed if it is out of alignment with your Azure AD password policy:
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/password-policy
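
One way to run the check described in the post above, as an added example that is not part of the original post: it reports which password policy applies to the domain join account and whether that account's password has expired. It assumes a domain-joined management VM with the RSAT ActiveDirectory module; the function name and the account name `svc-domainjoin` are hypothetical placeholders.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module on a domain-joined management VM.
Import-Module ActiveDirectory

function Get-JoinAccountPasswordStatus {
    param(
        # Hypothetical parameter: the account the domain join extension authenticates as.
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties `
        PasswordLastSet, PasswordNeverExpires, PasswordExpired, 'msDS-UserPasswordExpiryTimeComputed'

    # A fine-grained policy that applies to the user takes precedence over the
    # default domain policy. The cmdlet returns nothing when none applies.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $user
    if ($pso) {
        $source = "Fine-grained policy '$($pso.Name)'"
        $maxAge = $pso.MaxPasswordAge
    } else {
        $source = 'Default domain policy'
        $maxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }

    # The computed expiry is a FILETIME. Int64 max means the password never
    # expires; 0 means it must be changed at next logon.
    $raw = $user.'msDS-UserPasswordExpiryTimeComputed'
    $expires = if ($null -eq $raw) { 'Unknown (attribute not readable)' }
               elseif ($raw -eq [Int64]::MaxValue) { 'Never' }
               elseif ($raw -eq 0) { 'Must change at next logon' }
               else { [datetime]::FromFileTimeUtc($raw) }

    [pscustomobject]@{
        Account              = $user.SamAccountName
        PolicySource         = $source
        MaxPasswordAge       = if ($maxAge -eq [timespan]::Zero) { 'No expiration' } else { $maxAge }
        PasswordLastSet      = $user.PasswordLastSet
        PasswordNeverExpires = $user.PasswordNeverExpires
        PasswordExpired      = $user.PasswordExpired
        ExpiresUtc           = $expires
    }
}

# List every fine-grained policy with its precedence and maximum age, so a
# short-lived test policy stands out.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MaxPasswordAge, AppliesTo

# Constructed account name; replace with the real join account.
Get-JoinAccountPasswordStatus -SamAccountName 'svc-domainjoin'
```

If `PasswordExpired` is `True`, changing the join account's password and redeploying is the step the post describes.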