That's the exact crux of the problem.

It's almost certainly a security issue. That initially-created-but-not-yet-attached machine account can allow any PC to join the domain without any kind of checking. I'm not surprised that Microsoft removed it.