SecurityPolicyDsc
Support for Security Option: "Domain controller: Allow computer account re-use during domain join"
Hi,
It would be great if the SecurityOption resource supported
https://support.microsoft.com/en-au/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8
From the "Take Action" headline in the above article:
- Under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, double-click Domain controller: Allow computer account re-use during domain join.
- Select Define this policy setting and <Edit Security…>.
- Use the object picker to add users or groups of trusted computer account creators and owners to the Allow permission. (As a best practice, we highly recommend that you use groups for permissions.) Do not add the user account that performs the domain join.
When building environments through pipelines and DSC (from DC and up to servers/clients), this is much needed to allow reinstallation of individual servers/clients.