Domain logon issue after system restore from image
Greetings!
There is a computer whose OS (WinXP) is periodically restored from an image. After that, the computer cannot log on to the domain; you have to delete it from the domain and join it again.
The office administrator cannot figure out the problem, and he does not let anyone near the domain controller. The problem is explained by the fact that after restoring the image, the computer has some old keys that the domain controller considers incorrect.
I myself am a programmer, not an administrator, but the problem needs to be solved.
Tell me where to dig?
Your admin correctly explains the reason. This is not a bug, this is a feature: behavior that is documented by Microsoft and quite logical. In your situation the computer is supposed to fall out of the domain.
The fact is that each computer has an account in the domain, which contains, among other things, a secret shared with the domain controller, i.e. a password. This password is set when joining the domain, and from time to time (if memory serves, once every two weeks) the computer automatically changes it to a new (random) one.
After the first password change by the computer, what is in the image and what is in AD will differ. The domain "does not recognize" the computer from the image.
Correct answer: yes, after deploying from the image, the computer must be removed from the domain and added again.
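A check for the mismatch described in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later (newer than what Windows XP can run), an elevated local session, and a domain account allowed to reset the computer account's password; the function name is hypothetical.

```powershell
# Added example: check the machine account secret after restoring an image.
# Repair-RestoredMachineTrust is a hypothetical name, not a built-in cmdlet.
function Repair-RestoredMachineTrust {
    param(
        # Assumed: a domain account with rights to reset this computer's account.
        [System.Management.Automation.PSCredential]$Credential
    )

    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Output "$($cs.Name) is not joined to a domain; nothing to check."
        return
    }

    # Netlogon settings that control automatic machine password rotation.
    # Read the interval from the machine instead of relying on memory.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $np  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    Write-Output "Domain:                $($cs.Domain)"
    Write-Output "MaximumPasswordAge:    $($np.MaximumPasswordAge) day(s)"
    Write-Output "DisablePasswordChange: $($np.DisablePasswordChange)"

    # $true when the locally stored secret is still accepted by the domain.
    if (Test-ComputerSecureChannel) {
        Write-Output 'Secure channel OK: the local machine password is accepted by AD.'
        return
    }

    Write-Warning 'Secure channel broken: the restored image holds a stale machine password.'
    if (-not $Credential) {
        $Credential = Get-Credential -Message 'Domain account allowed to reset this computer account'
    }

    # -Repair sets a new machine password on both sides of the channel.
    if (Test-ComputerSecureChannel -Repair -Credential $Credential) {
        Write-Output 'Secure channel repaired; log off and log on with a domain account.'
    } else {
        Write-Warning 'Repair failed; remove the computer from the domain and join it again.'
    }
}

Repair-RestoredMachineTrust
```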
A solution to the problem, probably the most correct one in terms of separating the working environment from development, test builds, deployment, etc.:
1. A workstation in the domain has only workstation software: OS, office suite, browser, Skype, email client, integration with the domain, development tools. There is a second working machine / virtual machine on which development, testing, installing and removing software, and restoring from the image take place.
2. The domain user is allowed to add a workstation to the domain at the group policy level; in my opinion this is the default behavior, but I could be wrong.
3. A clean, fresh machine with all the necessary software and updates is prepared with sysprep, and an image is made from it. Once deployed from the image, the machine is brought into the domain, possibly automatically.
It's simple: when you join a computer to a Windows domain, it is assigned a SID that, according to domain policies, changes every 23-24 days. Accordingly, the client restored from the image has a different SID that the domain controller no longer knows, and the computer has to be registered in the domain again. I met this problem in an educational network where the computers had ShadowUser, which restored the original state of the computer when booting; the domain changed the SID after 24 days, and we had to re-register the computers on which ShadowUser was installed. Domain security policy. Read here, it might be helpful.