The domain controller on WinServer 2012 R2. On a Windows computer 10 Fall Creators Update. It turns out to add a Microsoft account, but the system does not propose to confirm it, due to which there is synchronization of the different parameters. As I recall, this problem does not occur if you put an earlier build of Windows, but it is for me not an option. I have looked through group policy and local - nothing helped.
For example here: Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft account there is only one parameter "Block authentication...". Turned it off, although it is disabled by default. This is done in the local policy on the computer itself, because in WinServer 2012 R2 this policy yet.
On the server the policy here is this:

None of this helped. How to be?