[Samba] samba support of KB5020276 workaround
Luis Peromarta
lperoma at icloud.com
Wed Nov 6 10:52:09 UTC 2024
I’ve spent a lot of time working on this. There’s no workaround that actually works.
The machine account must be deleted and recreated by the new user. I use a generic user to own these new accounts so I keep it even if the employee adding machines leaves.
LP
On 6 Nov 2024 at 10:37 +0000, Francesco Malvezzi via samba <samba at lists.samba.org>, wrote:
> Hi everybody,
>
> for a couple of years now, user X can't join a computer to AD if the
> computer object has been created by user Y.
>
> It is KB5020276—Netjoin: Domain join hardening changes [1].
>
> The documentation suggests a workaround, basically a group policy
> applied to all the domain controllers.
>
> Is it possible to apply group policies to a samba DC?
>
> The group policy I'm talking about requires a 2012R2 schema, but before
> raising the schema I would like to understand if it could possibly work ;)
>
> thank you so much,
>
> Francesco
>
> [1]
> https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8