We have several computer accounts in Active Directory that have a duplicate entry in the format [hostname]CNF[guid]. Usually the CNF record is disabled, causing the "the security database on the server does not have a computer account for this workstation trust" error, but not always.
I've looked into this a bit and understand that this is a replication conflict caused when an account is created on two different DCs with the same hostname in between the replication interval. What I don't understand is how this second record on another DC is being created in our environment with our procedures. Here is what we are doing:
We use an imaging appliance (Dell K2000) to deploy a .wim image that has had sysprep /generalize run on it. After the image is deployed, an automated task is run to change the computer name according to our naming...