Share via

How to prevent same host name to join in doamin.

Ka Ho Cheng 355 Reputation points
2025-01-23T11:58:04.69+00:00

We are using on premise AD DC and single domain.

Since we have a incident that one vendor process to install new Desktop PC, a incorrect host name is configured (typo) and then joined to our domain. As the result, it caused another PC show error when use. Since it is handling by vendor that we are difficult to prevent it by manual or trust.

May I know any alert or blocking to prevent the same host name to join domain.

For example, the pop up message in PC to block when the same host name joining to domain. or some alert message.

Or, any operation experience can be shared for us.

Thanks

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
12,030 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,638 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Robert Rathbun 155 Reputation points
    2025-01-24T05:10:14.5066667+00:00

    It sounds like you're dealing with an issue where duplicate host names are being joined to your domain, causing conflicts. Here are some steps and solutions you can consider preventing this from happening:

    1. Group Policy Configuration:
    • You can configure a Group Policy to prevent the reuse of existing computer accounts during domain join. This can help ensure that duplicate host names are not allowed.
    • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
    • Double-click on Domain controller: Allow computer account re-use during domain join.
    • Select Define the policy setting and click on Edit Security.
      • Add trusted users or groups who are computer account creators and owners to the Allow permission.
    1. NetJoin: Domain Join Hardening Changes:
      • Windows updates released on and after October 11, 2022, include additional protections that prevent domain join operations from reusing an existing computer account unless certain conditions are met.
      • Ensure your systems are up to date with these changes to benefit from the latest security enhancements.
      Custom Scripts and Alerts:
      • You can create custom scripts to check for existing computer names before allowing a new computer to join the domain. These scripts can be integrated into your deployment process.
        • Additionally, you can set up alerts to notify administrators when a duplicate computer name is detected.
    2. Delegated Permissions:
      • Limit the permissions of users who can join computers to the domain. Ensure that only trusted personnel have the necessary permissions to add computers to the domain.
      • Remove unnecessary users from the Domain Admins group and delegate specific permissions as needed.

    Operational Best Practices:

    • Implement a naming convention for computer names to reduce the likelihood of typos and duplicates.
      • Regularly audit and clean up Active Directory to remove stale or unused computer accounts.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.