An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.

Return

• Title

  An trương mục with the same name exists in Active Directory. Re-using the trương mục was blocked by security policy.

• Description

  When attempting lớn perform a domain name join where you have pre-created the computer accounts in the target domain name, or when a computer tries lớn rejoin the source domain name during a rollback sự kiện, the following error is encountered:

  An trương mục with the same name exists in Active Directory. Re-using the trương mục was blocked by security policy.
   

• Cause

  Microsoft released KB5020276 in October 2022, which modifies the domain name join process and performs additional security checks before attempting lớn reuse existing computer accounts.

  Per the Microsoft KB article, computer trương mục reuse is only permitted in the following scenarios:

  1. The user attempting the operation is the creator of the existing trương mục.
  2. The computer trương mục was created by a thành viên of domain name administrators.
  3. The owner of the computer trương mục that is being reused is a thành viên of the "Domain controller: Allow computer trương mục re-use during domain name join." Group Policy setting.

• Resolution

  Follow Microsoft’s guidance in the Take kích hoạt section of the KB lớn configure the new group policy that grants permissions for specific accounts lớn re-use pre-existing computer accounts during domain name join.

  1. Install the March 14, 2023, updates on all thành viên computers and domain name controllers
  2. Configure the new group policy setting
     1. Open the following policy for editing: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain controller: Allow computer trương mục re-use during domain name join
     2. Select Define this policy setting and
     3. Add users or groups lớn the Allow permission
        1. Add the accounts that pre-created the computer accounts in Active Directory
  3. If you previously enabled the NetJoinLegacyAccountReuse registry key, disable it on the thành viên computer by deleting the key or setting the value lớn 0
     1. HKLM\System\CurrentControlSet\Control\LSA\NetJoinLegacyAccountReuse

Product(s):

On Demand Migration
Current

Migration Manager for AD
8.15, 8.14

Migrator Pro for Active Directory
đôi mươi.11.1, đôi mươi.11, đôi mươi.10

Topic(s):

Technical Solutions

Article History:

Created on: 9/4/2023
Last Update on: 9/4/2023