0 votes

If a computer has the KB5020276 Netjoin: Domain join hardening changes Windows update installed, you might encounter the following error message when attempting to join such a computer to a domain via Adaxes.

An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.

The KB5020276 security patch imposes additional restrictions on who can join computers to a domain. As a result, if a computer account is created via Adaxes, the user specified in the Can be joined to domain by property of that account will not be able to join the computer to a domain unless one of the following scenarios is also true:

Scenario 1

The service account for the managed domain is a member of Domain Admins group.

Scenario 2

The computer in question has the following registry key set.

  • Path: HKLM\System\CurrentControlSet\Control\LSA
  • Type: REG_DWORD
  • Name: NetJoinLegacyAccountReuse
  • Value: 1

Scenario 3

The user who joins the computer to a domain is explicitly specified as the primary computer owner (specified in the ManagedBy (Primary) property).

‎ ‎

by (550 points)

Please log in or register to answer this question.

Related questions

0 votes
1 answer

In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in? I have set up a domain for testing adaxes and it ... I have set my host file to point the untrusted domain to it's primary Domain Controller.

asked Oct 5, 2022 by mightycabal (1.0k points)
0 votes
1 answer

We are attempting to use the member property in a powershell script for all groups. We get this error message on certain groups that are used as "primary". If we set another ... just shows the single member in the group in which the group is not the primary.

asked Feb 19, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer

We get Sharepoint Online requests for access to sites/folder/content. Is there a way to automate this task?

asked Jul 10, 2023 by dharry (20 points)
0 votes
0 answers

Say you have Manager A that has 30 users under them. Manager A leaves and Manager B takes the position. What is the best way to update all 30 users so their new manager is Manager B.

asked Jun 7, 2021 by Jmbrown04 (60 points)
0 votes
1 answer

How can i différenciante the two user without opening each one of them ?

asked Jan 20, 2023 by eric.lebrun (20 points)
3,435 questions
3,131 answers
546,360 users