Skip to Content

How do I Fix join domain error due to same account name exists in AD blocked by security policy

By: Author Alex Lim

Posted on

Categories Troubleshooting

Are you tired of struggling with the frustrating “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy” error? This article provides a clear and concise solution to help you overcome this hurdle and ensure smooth operation of your Active Directory. Follow these impactful steps to fix the issue:

How do I Fix join domain error due to same account name exists in AD blocked by security policy

Solution 1: Rename the computer and join using a different account that doesn’t already exist

  1. Right-click on the This PC or “My Computer” icon on your desktop or in the File Explorer.
  2. Select “Properties” from the context menu.
  3. Click on “Change settings” next to the computer name.
  4. Click “Change.”
  5. Enter a new computer name and click “OK.”
  6. Restart the computer for changes to take effect.

Solution 2: Join using a different account name

  1. Press Windows + I and go to the Settings app.
  2. Navigate to “Accounts.”
  3. Click on “Access work or school.”
  4. Disconnect the current account and confirm the action.
  5. Repeat steps 1 and 2, then click on the “Connect” button.
  6. Click the “Join the device to a local Active Directory domain” link.
  7. Type in the domain name provided by your network administrator and seek necessary permissions.
  8. On the “Add an account” page, click the “Skip” button.
  9. Restart your PC and log in using the new account name.

Solution 3: Configure the new group policy setting

  1. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
  2. Double-click on “Domain controller: Allow computer account re-use during domain join.” Double-click on "Domain controller: Allow computer account re-use during domain join."
  3. Select “Define the policy setting” and click on “Edit Security.”
  4. Use the object picker to add trusted users or groups who are computer account creators and owners to the Allow permission. It is recommended to use groups for permissions.
  5. Avoid adding large groups like authenticated users or everyone. Instead, limit membership to specific trusted users and service accounts.
  6. Wait for the group policy refresh interval or run “gpupdate /force” on all domain controllers.

Solution 4: Remove the registry key or set it to zero

If you have previously deployed the NetJoinLegacyAccountReuse key on your clients and set it to value 1, you must now remove that key or set it to 0 to benefit from the latest changes introduced by CVE-2022-38042.

  1. Press Windows + R and type “regedit“, then hit Enter.
  2. In the Registry Editor, navigate to the following key: HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. If the NetJoinLegacyAccountReuse key exists, either remove it or set its value to zero. If the NetJoinLegacyAccountReuse key exists, either remove it or set its value to zero.
  4. Restart your computer for the changes to take effect.

Solution 5: Uninstall the problematic update (KB5020276)

  1. Press Windows + I and go to Settings.
  2. Navigate to “Windows Update.
  3. Click on “Update history.”
  4. Click on “Uninstall updates.”
  5. Select the KB5020276 update from the list. Uninstall the problematic update (KB5020276)
  6. Click “Uninstall.”
  7. Wait for the process to complete and restart your PC.

By following these straightforward steps, you can confidently resolve the account reuse blockage issue in Active Directory. Say goodbye to the frustration and hello to a seamless operation of your system. Take control of your Active Directory now and enjoy the positive impact it will have on your workflow!