I recently encountered when Microsoft Teams Room on Windows system went for re-imaging due to local hardware failure the system couldn't rejoined to domain even if you reset or re-create the computer objects.
The issue caused because of KB5020276 were Microsoft has strengthened their security measures for re-using a domain's computer object. The client computer queries Active Directory for an existing account with the same name. This query occurs during domain join and computer account provisioning. If such an account exists, the client will automatically attempt to reuse it. The reuse attempt will fail if the user who attempts the domain join operation does not have the appropriate write permissions.
The account is owned by a user specified as a trusted owner in the “Domain controller: Allow computer account re-use during domain join” Group Policy.
The account is owned by a user who is a member of a group specified as a trusted owner in the “Domain controller: Allow computer account re-use during domain join” Group Policy.
Configure the policy under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, double-click Domain controller: Allow computer account re-use during domain join.
To ensure optimal performance, it's recommended that your Windows PC and domain controllers are updated with either the March-2023 update or the latest available update.
An alternate workaround (see below) is available, but please note that this option will no longer be available after the September 9,2023 updates. To address this issue, it is highly recommended to either create a GPO policy that allows custom AD accounts to be trusted or to have DA access.
No comments:
Post a Comment