Adaxes

Why users cannot join computers to a domain in Adaxes if KB5020276 is installed?

0 votes

If a computer has the KB5020276 Netjoin: Domain join hardening changes Windows update installed, you might encounter the following error message when attempting to join such a computer to a domain via Adaxes.

An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.

The KB5020276 security patch imposes additional restrictions on who can join computers to a domain. As a result, if a computer account is created via Adaxes, the user specified in the Can be joined to domain by property of that account will not be able to join the computer to a domain unless one of the following scenarios is also true:

Scenario 1

The service account for the managed domain is a member of Domain Admins group.

Scenario 2

The computer in question has the following registry key set.

  • Path: HKLM\System\CurrentControlSet\Control\LSA
  • Type: REG_DWORD
  • Name: NetJoinLegacyAccountReuse
  • Value: 1

Scenario 3

The user who joins the computer to a domain is explicitly specified as the primary computer owner (specified in the ManagedBy (Primary) property).

‎ ‎

by (560 points)

Please log in or register to answer this question.

Related questions

0 votes
1 answer
In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in?

In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in? I have set up a domain for testing adaxes and it ... I have set my host file to point the untrusted domain to it's primary Domain Controller.

asked Oct 5, 2022 by mightycabal (1.0k points)
0 votes
1 answer
"The 'member' property cannot be found in the cache." Why is the member property empty on a group?

We are attempting to use the member property in a powershell script for all groups. We get this error message on certain groups that are used as "primary". If we set another ... just shows the single member in the group in which the group is not the primary.

asked Feb 19, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer
Is there a way to integrate sharepoint sites in adaxes to create a web facing interface for users to see all sites?

We get Sharepoint Online requests for access to sites/folder/content. Is there a way to automate this task?

asked Jul 10, 2023 by dharry (20 points)
0 votes
0 answers
What is the proper way to change multiple users manager field if a management position changes

Say you have Manager A that has 30 users under them. Manager A leaves and Manager B takes the position. What is the best way to update all 30 users so their new manager is Manager B.

asked Jun 7, 2021 by Jmbrown04 (60 points)
0 votes
1 answer
When I'm searching for an user if there is a contact and an account, i cannot see directly which one is a contact.

How can i différenciante the two user without opening each one of them ?

asked Jan 20, 2023 by eric.lebrun (20 points)
3,564 questions
3,255 answers
8,264 comments
547,914 users