Hello
Thank you for posting in the Q&A forum.
The issue you're facing is related to the domain join hardening changes introduced by Microsoft to improve security. You can check out the following steps to resolve this issue.
Step 1: Verify and Configure Group Policy Settings
Open Group Policy Management:
• Press Windows + R to open the Run dialog box.
• Type gpmc.msc and press Enter.
Navigate to Security Options:
• Go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
Modify Domain controller: Allow computer account re-use during domain join:
• Double-click on Domain controller: Allow computer account re-use during domain join.
• Select Define this policy setting and click on Edit Security.
• Add the group that has permissions to add PCs to the domain. Ensure this group has the Allow permission.
Step 2: Ensure Appropriate Permissions
Using Active Directory Users and Computers:
• Open Active Directory Users and Computers.
• Navigate to the OU where your computer accounts are stored.
• Right-click on the OU and select Delegate Control.
Delegate Control:
• Follow the wizard to delegate control to the group or users responsible for adding computers to the domain.
• Ensure the delegated permissions include Create and delete computer objects and read all properties.
Step 3: Remove Legacy Registry Key
Open Registry Editor:
• Press Windows + R to open the Run dialog box.
• Type regedit and press Enter.
Navigate to the Key:
• Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAM.
• Look for the NetJoinLegacyAccountReuse key and delete it if it exists.
Step 4: Verify System Updates
Check for Updates:
• Ensure that all domain controllers and client machines are up to date with the latest Windows updates.
Update Policy:
• Run gpupdate /force on both the domain controller and client machines to ensure that all policies are applied correctly.
Step 5: Re-add Computer to Domain
Rename the Computer (if necessary):
• If the computer account already exists in AD, consider renaming the computer before re-adding it to the domain.
Join the Domain:
• Use the following steps to join the computer to the domain:
• Open System Properties.
• Click Change to rename the computer or change its domain.
• Enter the domain name and credentials of a user with permissions to join the domain.
Check Event Logs:
• After attempting to join the domain, check the Event Viewer for any relevant logs that might provide additional information about the error.
Step 6: Test and Validate
Reimage and Test:
• After making the changes, reimage a test PC and attempt to join it to the domain.
• Monitor the process to ensure that it completes successfully without any errors.
By following these detailed steps, you should be able to resolve the issues with re-adding PCs to the domain.
Best regards
Yanhong
=====================================
If the answer is helpful, please click "Accept answer" and upvote it
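As an added diagnostic (not part of the answer above), the PowerShell script below checks the two things the steps turn on from an admin workstation with the RSAT ActiveDirectory module: whether the legacy NetJoinLegacyAccountReuse workaround is still present (Microsoft documents the value under Control\LSA; the Control\SAM path named in the answer is checked as well), and who owns or created the existing computer account compared with the user running the join, since the hardened join allows account re-use only for that owner/creator or for principals permitted by the policy. The parameter name and output fields are my own.

```powershell
# Added diagnostic, not from the original answer. Requires the RSAT ActiveDirectory module.
# Usage: .\Test-DomainJoinReuse.ps1 -ComputerName PC01
param(
    [Parameter(Mandatory)] [string] $ComputerName
)
Import-Module ActiveDirectory -ErrorAction Stop

# 1. Legacy workaround value. Microsoft documents it under Control\LSA; the
#    Control\SAM path is the one named in the answer above, so both are checked.
foreach ($path in 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA',
                  'HKLM:\SYSTEM\CurrentControlSet\Control\SAM') {
    $v = Get-ItemProperty -Path $path -Name NetJoinLegacyAccountReuse -ErrorAction SilentlyContinue
    if ($null -ne $v) {
        Write-Warning "NetJoinLegacyAccountReuse = $($v.NetJoinLegacyAccountReuse) at $path (legacy workaround; remove it)"
    }
}

# 2. Existing computer account: the hardened check allows re-use only when the
#    joining user is the account's owner or creator (or is allowed by the policy group).
$acct = Get-ADComputer -Filter "Name -eq '$ComputerName'" `
        -Properties nTSecurityDescriptor, 'mS-DS-CreatorSID', whenCreated
if (-not $acct) {
    Write-Host "No existing account for $ComputerName; the join will create a fresh one."
    return
}

$owner   = $acct.nTSecurityDescriptor.Owner          # NTAccount form, e.g. CONTOSO\jdoe
$creator = $null
if ($acct.'mS-DS-CreatorSID') {
    # mS-DS-CreatorSID is stored as a raw SID byte array; translate it to DOMAIN\user if possible
    $sid = New-Object System.Security.Principal.SecurityIdentifier($acct.'mS-DS-CreatorSID', 0)
    try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $creator = $sid.Value }
}
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

[pscustomobject]@{
    Computer           = $acct.Name
    DN                 = $acct.DistinguishedName
    Created            = $acct.whenCreated
    Owner              = $owner
    Creator            = $creator
    CurrentUser        = $me
    ReuseLikelyAllowed = ($owner -eq $me) -or ($creator -eq $me)
}
```

ReuseLikelyAllowed only reflects the owner/creator rule; a user who is in the group named in the "Allow computer account re-use during domain join" policy may still succeed when it reports $false, and a leftover NetJoinLegacyAccountReuse value is the first thing to remove if the join still fails.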