I'm trying to bind a unique computer setup to Active Directory (AD) but want to avoid using my usual account for security reasons. In the past, I created a temporary account and added it to the appropriate AD groups, which allowed me to bind to the AD without any issues. However, now I'm running into an error: "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy."
I made the AD computer object using my usual credentials, but I wanted to use the temporary account for binding. I thought about adjusting some registry settings and security policies concerning computer account reuse, but nothing seems to work.
I found a workaround where I created a new computer object using the temporary account logged into a machine with ADUC, but I'd prefer a quicker method. I'm looking for any suggestions on how to achieve the binding without having to log in through the temp account, or if there's a PowerShell command that could help create a new computer object using the temp account's credentials without going through the full login process each time.
1 Answer
It sounds like you're struggling with the new security policies. Normally, only the user who joined the computer (or a user with the right permissions) can reuse an AD account. One quick fix could be creating a new OU and delegating the necessary permissions to the temporary account that you want to use for binding. That way, you can do everything under the right permissions without conflicts. Just make sure the temporary account has the right role, and it should be able to bind to the AD without any issues.
It sounds like your main issue is reusing a computer account, which can be tricky. If creating a new object works for you even if it’s a hassle, maybe look into simplifying your temp account's permissions to make it easier to do things if you need to repeat this.

Also, check the quota settings for non-admin users. If it's set to zero, you might run into problems trying to join the domain without admin rights.
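The steps the answer describes (delegate the staging OU to the temporary account, check the machine account quota, create the computer object under the temp credentials and then join with the same account) as one PowerShell script. This is an added example, not code from the original question or answer; the domain `corp.example`, the OU `OU=Staging,DC=corp,DC=example`, the account `CORP\tmp-join` and the computer name `WS-TEST01` are assumed placeholders. It needs the ActiveDirectory RSAT module and `dsacls.exe` on the machine it runs from.

```powershell
# Added example (not from the original answer). Assumed names, replace for your domain:
#   domain         corp.example   (DN: DC=corp,DC=example)
#   staging OU     OU=Staging,DC=corp,DC=example
#   temp account   CORP\tmp-join
#   computer name  WS-TEST01
Import-Module ActiveDirectory

$domainName = 'corp.example'
$domainDN   = 'DC=corp,DC=example'
$stagingOU  = "OU=Staging,$domainDN"
$tempUser   = 'CORP\tmp-join'
$computer   = 'WS-TEST01'

# --- 1. Admin, once: delegate only "create computer objects" on the staging OU. ---
# CC = create child, limited to the computer object class; /I:T inherits to the OU subtree.
# Run this part with your normal admin account; the temp account gets nothing wider.
dsacls "$stagingOU" /I:T /G "${tempUser}:CC;computer"

# --- 2. Read ms-DS-MachineAccountQuota (the answer's last point). ---
# With the OU delegation above the quota no longer matters for the temp account;
# it only matters if you rely on the default right of non-admins to join machines.
$quota = (Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Host "ms-DS-MachineAccountQuota = $quota"

# --- 3. Create the computer object as the temp account, without an interactive logon. ---
# -Credential lets you pre-stage from your own session; Get-Credential prompts for the password.
$cred = Get-Credential -UserName $tempUser -Message 'Temporary join account'
New-ADComputer -Name $computer -Path $stagingOU -Credential $cred

# Confirm the object landed in the staging OU before touching the new machine.
Get-ADComputer -Identity $computer -Properties whenCreated |
    Select-Object DistinguishedName, whenCreated

# --- 4. On the new machine: join with the SAME account that created the object. ---
# Using one account for both steps is what the answer relies on to avoid the
# "account with the same name exists ... blocked by security policy" error.
# Add-Computer -DomainName $domainName -Credential $cred -OUPath $stagingOU -Restart

# --- 5. Admin, afterwards: remove the delegation once the temp account is no longer needed. ---
# dsacls "$stagingOU" /R $tempUser
```

Step 4 is left commented because it runs on the machine being joined, not on the admin workstation; step 5 strips every ACE for the temp account from the OU so the delegation does not outlive its purpose.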