How to apply GPO Domain controller: Allow computer account re-use during domain join

Question

Hello,

I experienced an issue during domain join using SCCM OSD, if the machine exist and try to rejoin with the same name with other service account it fails with error unable to rejoin due security policy, i have searched for the issue i found that i have to enable policy on domain controllers OU

Domain controller: Allow computer account re-use during domain join

Then add a security group that have the computers owners and the new service account that used for domain re-join

I have applied the policy but with same issue unable to join, i have verified the registry to find HKLM\System\CCS\Control\SAM – “ComputerAccountReuseAllowList” registry key is populated with the desired SDDL

but i didn't find folder CCS under the path, any ideas to resolve this issue.

Thanks,

Answer 1

Hello,

 

Thank you for posting in Q&A forum.

To further check this issue, pleas kindly try below steps:

1.Please kindly check how you apply the GPO in your domain, is it pushed by GPO management or any other third-party platform like Intune?

2.After KB5020276 released for Windows update, you could encounter with such “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.” issue, for further details please kindly refer to below Microsoft Official Link:

REF:https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8

 

Best regards，

Jill Zhou

 

---

If the Answer is helpful, please click "Accept Answer" and upvote it.