This is due to a new security policy "Network access: Restrict clients allowed to make remote calls to SAM".
According to Microsoft, the "Network access: Restricted clients allowed to make remote calls to SAM" security policy setting controls which users can enumerate users and groups in the local SAM (Security Accounts Manager) database and Active Directory.
Add the managed accounts into the "Network access: Restrict clients allowed to make remote calls to SAM" policy, to do this:
More information from Microsoft on this setting can be found here
Note: For step #6, if adding a group that contains the managed account does not resolve the issue then it may be necessary to add the functional account / managed account explicitly to the above policy. Restart is not required for this policy to take effect.
The security policy settings applies to the following operation systems:
The Group Policy setting is only available on computers that run Windows Server 2016 or Windows 10, version 1607 and later. This is the only option to configure this setting by using a user interface (UI).
On computers that run earlier versions of Windows, check if the following registry value exists:
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz