Domain Join hardening: An account with the same name exists in Active . . .
This post is regarding “An account with the same name exists in Active Directory, re-using the account was blocked by a security policy”. Updates for Windows that are issued on or after October 11, 2022, include new security measures brought about by CVE-2022-38042.

Active Directory: Computer Account Re-Use Domain Join Policy
Next, edit the policy and go to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, then double-click Domain controller: Allow computer account re-use during domain join.

KB5020276—Netjoin: Domain join hardening changes - Microsoft Support
Behavior before October 11, 2022: Before you install the October 11, 2022, or later cumulative updates, the client computer queries Active Directory for an existing account with the same name. This query occurs during domain join and computer account provisioning. If such an account exists, the client will automatically attempt to reuse it.

Fix: Unable to Join Computer to Active Directory Domain
An account with the same name exists in Active Directory, re-using the account was blocked by a security policy. Change the computer name (hostname) to something unique, or delete (reset) the computer account with the same name in AD.

How to apply GPO Domain controller: Allow computer account re-use . . .
After KB5020276 was released for Windows Update, you could encounter the “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” issue. For further details, please kindly refer to the Microsoft official link below:

Joining a domain with the same client again not possible : r/sysadmin
"The account already exists in Active Directory. The same usage of the account has been blocked by the security guidelines." My guess is that there is a GPO that prevents me from adding it again, even if I log in with the local admin account. Do I have to delete the client object in Active Directory and create it again? Will it obtain a new SID?

Microsoft: Windows domain joins may fail after October updates
Microsoft explained that domain join processes might intentionally fail with "0xaac (2732): NERR_AccountReuseBlockedByPolicy" errors saying that "An account with the same name exists in Active

Windows: Unable to join domain: Re-using the account was blocked by . . .
Update 12.11.2022: I opened a support case at Microsoft because this change breaks several delegation concepts. As a result, setting the registry key is an (official) temporary workaround, but, citing Microsoft: This can be removed in the future (and can be replaced by another method). The

Computer account problem in Active Directory : r/sysadmin
The computer will connect to the new AD object and be able to log on again. The user account wasn't recreated, so that should stay in place with no issues. Note that even though the computer has the same name, this is no longer the same AD object as the original, so it does not recover settings that were applied specifically to the old AD object.

Active Directory: Reuse of the account was blocked by a security policy . . .
In the domain, the computer account could be created by an Identity Manager before the computer is added to Active Directory (pre-staged), and not only when the computer is added to the AD. In this case, the computer account already exists and was created by a service account of the Identity Manager (in this example, the service account is called "IdentityManager").