Hello. A few weeks ago KB5008102 was applied to domain controllers. From my understanding it requires computer objects created to have a trailing $ at the end of the sAMAccountName. Prior this, I'd add computer objects in the form of a MAC address, for example 111122223333, and they'd authenticate when connected. Now, for new computer objects, I have to add as 111122223333$, but authentication fails at the NPS, and the device is seen as so by the NPS server
Security ID: NULL SID
Account Name: 111122223333
Account Domain: ADU
Fully Qualified Account Name: ADU\111122223333
The reason code is 16, "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account of the password was incorrect.
For existing computer objects defined prior the KB5008102, they continue to be seen as Security ID: ADU\xxxxxxxxxxxx
A current NPS policy for lets say VLAN 107 matches on condition Authentication Type "PAP" and User Groups "ADU\BLDG23A_VLAN107".
I don't have the necessary permissions to delete the trailing $ from a sAMAccountName. I was wondering, how could I create a new policy that would authenticate these new computer objects who have a trailing $ at the end of the sAMAccountName? Thanks.