戻る
-
タイトル
An account with the same name exists in Active Directory. Re-using the account was blocked by security policy. -
説明
When attempting to add a pre-created computer to a domain or reuse an existing computer account, the following error is encountered:
An account with the same name exists in Active Directory. Re-using the account was blocked by security policy. -
原因
Microsoft released KB5020276 in October 2022, which modifies the domain join process and performs additional security checks before attempting to reuse existing computer accounts.
Per the Microsoft KB article, computer account reuse is only permitted in the following scenarios:- Account reuse attempt will be permitted if the user attempting the operation is the creator of the existing account.
- Account reuse attempt will be permitted if the account was created by a member of domain administrators.
-
対策
By product design, Active Roles uses a proxy account to create all objects in Active Directory. Due to this, all computer accounts created by Active Roles will have the Active Roles proxy account as the computer creator. Attempts by administrators to then add or reuse pre-existing computer accounts to the domain will fail, as the administrator attempting the domain join is not the Active Roles proxy account.
To workaround this behavior, the following actions may be taken:- Add the Active Roles override / proxy account to the Domain Admins group. Per the Microsoft KB, if the computer account was created by a member of the Domain Admins group, the restrictions on computer account reuse are lifted.
- Disable or uninstall the changes introduced by KB5020276