Microsoft hardened the reuse of existing computer accounts during domain join with KB5020276. From the KB:
Once you install the October 11, 2022, or later Windows cumulative updates on a client computer, during domain join, the client will perform additional security checks before attempting to reuse an existing computer account.
Algorithm:
These additional security checks are done before attempting to join the computer. If the checks are successful, the rest of the join operation is subject to Active Directory permissions as before.
This change does not affect new accounts.
Note: After installing the October 11, 2022, or later Windows cumulative updates, domain join with computer account reuse might intentionally fail with the following error:
Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: “An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.”
If so, the account is intentionally being protected by the new behavior.
Event ID 4101 will be triggered once the error above occurs, and the issue will be logged in c:\windows\debug\netsetup.log. Please follow the steps below in "Take Action" to understand the failure and resolve the issue.
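The two artefacts the KB points you at (Event ID 4101 and netsetup.log) are the quickest way to confirm that a failed join was the new account-reuse check and not an ordinary permissions problem. The following PowerShell helper is an added example, not code from the KB or from Microsoft; run it elevated on the client that failed to join. It assumes the 4101 event lands in the System log (the NetJoin source), uses the default netsetup.log path from the KB, and matches log lines only on the error code and message text the KB quotes (0xaac / 2732 / NERR_AccountReuseBlockedByPolicy), since the exact line format in netsetup.log is not documented on this page.

```powershell
# Added triage helper (example code, not from the KB): gather the evidence that a
# domain join was blocked by the KB5020276 computer-account reuse check.
# Assumptions: run elevated on the failing client; 4101 is logged to the System
# channel; netsetup.log lives at the path the KB names.
function Get-DomainJoinReuseBlock {
    [CmdletBinding()]
    param(
        [string]$NetSetupLog  = 'C:\Windows\debug\netsetup.log',
        [int]   $EventId      = 4101,
        [int]   $LookbackDays = 7
    )

    # 0xaac and 2732 are the same NERR_AccountReuseBlockedByPolicy code in hex and decimal.
    $pattern = '0xaac|\b2732\b|NERR_AccountReuseBlockedByPolicy|blocked by security policy'

    # 1. Event ID 4101 from the System log within the lookback window.
    #    -ErrorAction SilentlyContinue turns "no events found" into an empty result.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Id        = $EventId
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue

    $eventHits = foreach ($e in $events) {
        [pscustomobject]@{
            Source   = 'EventLog'
            Time     = $e.TimeCreated
            Provider = $e.ProviderName
            Text     = ($e.Message -replace '\s+', ' ')
        }
    }

    # 2. The matching lines from netsetup.log, with a few preceding lines of context
    #    so the computer-account name and target domain the join tried to reuse are visible.
    $logHits = @()
    if (Test-Path -Path $NetSetupLog) {
        $matches = Select-String -Path $NetSetupLog -Pattern $pattern -Context 3, 1
        $logHits = foreach ($m in $matches) {
            [pscustomobject]@{
                Source   = 'netsetup.log'
                Time     = $null            # timestamps are inside the log text itself
                Provider = $NetSetupLog
                Text     = ($m.Context.PreContext + $m.Line + $m.Context.PostContext) -join "`n"
            }
        }
    } else {
        Write-Warning "$NetSetupLog not found: the join may have failed before NetJoin wrote the log, or the path differs."
    }

    if (-not $eventHits -and -not $logHits) {
        Write-Verbose "No Event $EventId and no account-reuse block in $NetSetupLog: the failure is probably not the KB5020276 check."
    }

    # Return objects rather than printing, so the result can be filtered or exported.
    return @($eventHits) + @($logHits)
}

# Usage: list the evidence, then look at the netsetup.log context to see which
# existing account the join was trying to reuse.
Get-DomainJoinReuseBlock -Verbose | Format-List Source, Time, Provider, Text
```

If both sources come back empty, the join failed for a different reason (permissions, name resolution, credentials) and the KB's "Take Action" steps do not apply; if they match, the block is the intended behaviour and the fix belongs in the provisioning workflow that created the pre-existing account, not in the client.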
Microsoft gives admins the following four suggestions for resolving the issue:
Review computer account provisioning workflows and understand if changes are required.