Block computer from joining a domain if it has the same name as another computer object in ADUC

view full story

http://serverfault.com – At work we have a Domain Controller running Server 2008 R2. Our desktop support group has the ability to join computers to the domain using their network credentials. We are now running into a problem where if the name of the computer that is being joined is the same as an existing computer on the domain, the existing computer will get a "The trust relationship has failed..." error and will not authenticate at all unless someone logs in as a local admin, changes the computer name and rejoins it to the domain. I want to make it so that Desktop Support can only join computers with unique names (HowTos)