To follow up on my original answer. The final addition I put into my image was to disable the machine password change. So each time my instant clones were recreated using the same DNS name. They would only point to one of my dc's and not change their machine pw with AD to allow them to continually auth and receive the GPOs. After making that change to the registry. My pools have been running in production without any errors to authenticate. Need to confirm on my image that this document is modifying the correct key.
https://support.microsoft.com/en-us/help/154501/how-to-disable-automatic-machine-account-password-ch...
