How to apply GPO Domain controller: Allow computer account re-use during domain join

Ahmed Essam 80 Reputation points
2024-06-01T02:14:13.78+00:00

Hello,

I experienced an issue during domain join using SCCM OSD, if the machine exist and try to rejoin with the same name with other service account it fails with error unable to rejoin due security policy, i have searched for the issue i found that i have to enable policy on domain controllers OU

Domain controller: Allow computer account re-use during domain join

Then add a security group that have the computers owners and the new service account that used for domain re-join

I have applied the policy but with same issue unable to join, i have verified the registry to find HKLM\System\CCS\Control\SAM – “ComputerAccountReuseAllowList” registry key is populated with the desired SDDL

but i didn't find folder CCS under the path, any ideas to resolve this issue.

User's image

Thanks,

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,408 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,060 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Jing Zhou 3,435 Reputation points Microsoft Vendor
    2024-06-04T09:19:33.2233333+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    To further check this issue, pleas kindly try below steps:

    1.Please kindly check how you apply the GPO in your domain, is it pushed by GPO management or any other third-party platform like Intune?

    2.After KB5020276 released for Windows update, you could encounter with such “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.” issue, for further details please kindly refer to below Microsoft Official Link:

    REF:https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8

     

    Best regards,

    Jill Zhou

     


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments