Comment 24 for bug 2027716

John Edwards (john-cornerstonelinux) wrote :

Below are the results of leaving and rejoining the NT domain with a Windows 10 Pro client (running on a KVM virtual machine) and an Ubuntu 20.04 ("focal") domain controller running Samba 4.15.13+dfsg-0ubuntu0.20.04.3~ppa1 packages.

Machine trust account not deleted = Produces an error "An account with the same name exists in Active Directory. Reusing the account was blocked by security alert." Unfortunately I can't remember if this is the same behaviour as before the patch.

After deleting the machine trust account = 1st attempt produces the error "The specified computer account could not be found." This is as expected because we have a small delay due to LDAP replication between servers.

The 2nd attempt reports success (as expected). Then after the required reboot I could log in as a user account which had previously logged in and could access the old profile, and also as a newly created user account which had never logged into the machine before and had not been added via the User Accounts control panel (again as expected). After login I could access the domain to look up user accounts.

So apart from the error message when trying to join the domain when the machine trust account already exists, I think that is a success for the patched packages on Ubuntu 20.04.

To check if that behaviour when the machine trust account already exists is something new I will have to try to find an unpatched Ubuntu server to test with, possibly tomorrow.