When you say not the same way do you mean that there’s no possibility of SSO? Do Windows 7 and 8.1 clients using password sync behave in a similar fashion to Windows 10 in regards to the scheduled task? That is auth, create a self-signed cert and copy that via LDAP to the userCertifcates attribute of the computer object?The reason I ask is we’re using password sync and have successfully auto registered a Win 10 PC but are still scratching our heads on the Win 7 PC. It seems to be hanging at the auth piece according to the event log errors (400’s and 404’s).
Locate the ms-DS-MachineAccountQuota attribute on the Attribute Editor tab and click Edit. On the Integer Attribute Editor dialog, enter the number of workstations you want users to be able to add. You can enter 0 to prevent users from joining any workstations to the domain or clear the value to remove the limit. Resetting user's limits to join to the domain So at my company I'm a domain admin. Now, there's a setting for allowing certain users (or OU's) a limited number of times that they are allowed to join new machines on to the domain, without making them a domain admin.