anyweb

Migrate to the cloud - Part 1. Setup

Just want to say thank you so much for replying and your help. So testing using your troubleshooting worked like a treat. I ripped it all out and re-read everything and the part 2 ran perfectly.

 

I have a question though: our on-prem usernames are JBlogs (first initial then last name) whereas our Azure UPNs are Joe.Blogs@ (firstname.lastname). When the part 2 appears and asks for you to sign in with your email and password to enroll, it's JBlogs@companyemail.com. Is there any way to convert this to firstname.lastname?

 

Again, thank you so much!


Also, when creating the program in SCCM, what settings did you create on the program? Did you ask it to run as admin or under the user context? 

 

It must run under system context, so set it like I show in the picture below.

 

image.png


10 minutes ago, ryand274 said:

Just want to say thank you so much for replying and your help. So testing using your troubleshooting worked like a treat. I ripped it all out and re-read everything and the part 2 ran perfectly.

 

I have a question though: our on-prem usernames are JBlogs (first initial then last name) whereas our Azure UPNs are Joe.Blogs@ (firstname.lastname). When the part 2 appears and asks for you to sign in with your email and password to enroll, it's JBlogs@companyemail.com. Is there any way to convert this to firstname.lastname?

 

Again, thank you so much!

Great that you got it working!

Now, regarding your UPN, you'll have to modify the script to work with your custom layout, and modify the $user and $upnsuffix variables to suit your environment. That's up to you to solve :) You might need to pull this info from Active Directory if it's available there.
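One way to do the Active Directory lookup suggested above, as an added example that is not part of the original script or of any post in this thread. It assumes the device is still domain-joined with line of sight to a domain controller, that `$user` holds the part before the `@` and `$upnsuffix` the domain part, and that `companyemail.com` is a placeholder; the two function names are hypothetical.

```powershell
# Added example: build firstname.lastname from AD for the logged-on user.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape RFC 4515 special characters so the account name cannot alter the filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-CloudUpnFromAd {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UpnSuffix
    )
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $searcher.PropertiesToLoad.AddRange([string[]]@('givenName', 'sn'))
    $result = $searcher.FindOne()
    if (-not $result) { throw "No AD user found for '$SamAccountName'." }

    # Property keys are lower-case in search results; a missing attribute yields an empty string.
    $first = [string]($result.Properties['givenname'] | Select-Object -First 1)
    $last  = [string]($result.Properties['sn'] | Select-Object -First 1)
    if (-not $first -or -not $last) { throw "givenName or sn is empty for '$SamAccountName'." }

    # firstname.lastname with whitespace removed; anything unusual is flagged for manual handling.
    $local = ('{0}.{1}' -f $first, $last) -replace '\s', ''
    if ($local -notmatch "^[A-Za-z0-9.'_-]+$") { throw "Unexpected characters in '$local'; map this user manually." }
    "$local@$UpnSuffix"
}

$upnsuffix = 'companyemail.com'   # placeholder, replace with your Azure AD domain

# Under SYSTEM context $env:USERNAME is the computer account, so ask WMI for the console user.
$loggedOn = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName   # e.g. DOMAIN\JBlogs
if (-not $loggedOn) { throw 'No interactive console user found.' }
$sam = ($loggedOn -split '\\')[-1]

$upn  = Get-CloudUpnFromAd -SamAccountName $sam -UpnSuffix $upnsuffix
$user = ($upn -split '@')[0]      # e.g. Joe.Blogs
```

The lookup binds with the computer account when run as SYSTEM, so it only needs read access to the user object.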


18 minutes ago, anyweb said:

Great that you got it working!

Now, regarding your UPN, you'll have to modify the script to work with your custom layout, and modify the $user and $upnsuffix variables to suit your environment. That's up to you to solve :) You might need to pull this info from Active Directory if it's available there.

So part 2 goes well, until it reaches Converting to Windows Autopilot. I can see the request hitting my function as I get the following readout in the logs on the Code+test section:

 

2022-06-21T09:29:57.863 [Information] Executing 'Functions.add_device_to_aad_group' (Reason='This function was programmatically called via the host APIs.', Id=2f44b2d9-4544-4051-b459-a01c9f7ef627)
2022-06-21T09:29:57.869 [Information] INFORMATION: PowerShell HTTP trigger function processed a request.
2022-06-21T09:29:58.040 [Information] OUTPUT: eyJ0eXAiOiJKV1QiLCJub25jZSI6InhFNEloa2wwcURjQ1d2WmhrTllGeHBEdkFicjlVdTVPbkNDdTFqUElIVTQiLCJhbGciOiJSUzI1NiIsIng1dCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyIsImtpZCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyJ9.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.MO0jac-XW8u5TWudU7xGSAV50wHn2EYIJ1fCExm3jQGRb9gM4kVHOiECOADNVjegGmdoQ69SG__hZoHmJNpev6h_hxNgBCV25lqgcd7NCB5Ver__KfFc7G8Lt4EciVQHFDBBmJcYb7mjipgFwi0pIFBikn2Hws6F_6rSy4Nha6KHpnYGhL5Eu50OfSwEF5DKHADfDJh-KZsSY0BBZxP0B278cn6WR25ljsVLftsubzbycuxiDxczKWI2XXT4nRoTkI9GiHXSk9-QmiDAX5QJYlnzEKLlYkJ4tpNjvWmhm3XnJAfXzbdQblTcNSxweUbyW2hfRjjRF72cJO6YG5-MMg
2022-06-21T09:29:58.042 [Information] Executed 'Functions.add_device_to_aad_group' (Succeeded, Id=2f44b2d9-4544-4051-b459-a01c9f7ef627, Duration=178ms)
 
But I don't see it being added to the Azure group?
 
I made sure to fill out the group ID1 and group ID2 in the PowerShell script, and the URL to the function app.
 
Any ideas?
 
Sorry for all the questions 
 
Edited by ryand274


18 minutes ago, ryand274 said:

So part 2 goes well, until it reaches Converting to Windows Autopilot. I can see the request hitting my function as I get the following readout in the logs on the Code+test section:

 

2022-06-21T09:29:57.863 [Information] Executing 'Functions.add_device_to_aad_group' (Reason='This function was programmatically called via the host APIs.', Id=2f44b2d9-4544-4051-b459-a01c9f7ef627)
2022-06-21T09:29:57.869 [Information] INFORMATION: PowerShell HTTP trigger function processed a request.
2022-06-21T09:29:58.040 [Information] OUTPUT: eyJ0eXAiOiJKV1QiLCJub25jZSI6InhFNEloa2wwcURjQ1d2WmhrTllGeHBEdkFicjlVdTVPbkNDdTFqUElIVTQiLCJhbGciOiJSUzI1NiIsIng1dCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyIsImtpZCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyJ9.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.MO0jac-XW8u5TWudU7xGSAV50wHn2EYIJ1fCExm3jQGRb9gM4kVHOiECOADNVjegGmdoQ69SG__hZoHmJNpev6h_hxNgBCV25lqgcd7NCB5Ver__KfFc7G8Lt4EciVQHFDBBmJcYb7mjipgFwi0pIFBikn2Hws6F_6rSy4Nha6KHpnYGhL5Eu50OfSwEF5DKHADfDJh-KZsSY0BBZxP0B278cn6WR25ljsVLftsubzbycuxiDxczKWI2XXT4nRoTkI9GiHXSk9-QmiDAX5QJYlnzEKLlYkJ4tpNjvWmhm3XnJAfXzbdQblTcNSxweUbyW2hfRjjRF72cJO6YG5-MMg
2022-06-21T09:29:58.042 [Information] Executed 'Functions.add_device_to_aad_group' (Succeeded, Id=2f44b2d9-4544-4051-b459-a01c9f7ef627, Duration=178ms)
 
But I don't see it being added to the Azure group?
 
I made sure to fill out the group ID1 and group ID2 in the PowerShell script, and the URL to the function app.
 
Any ideas?
 
Sorry for all the questions 
 

I think I found the issue, it's something on my end. The Azure AD Join process didn't work due to a restriction we have in place.


Noob here, so excuse me if this is dense.  Will this work without Config Manager actively being used?  Can I just run the 

ServiceUI.exe -process:explorer.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File Win.AP.Sweepback_part1.ps1

manually or via a script?


Yes, you can run it without ConfigMgr, it's just a PowerShell script after all. The ServiceUI.exe file makes it run in SYSTEM context.

However, how do you intend to deploy this script to your devices?


55 minutes ago, anyweb said:

Yes, you can run it without ConfigMgr, it's just a PowerShell script after all. The ServiceUI.exe file makes it run in SYSTEM context.

However, how do you intend to deploy this script to your devices?

Thank you! I have an RMM agent running on the workstations.  


Hi. I'm testing this, but we want to disable Windows Hello. We don't use ConfigMgr either, just another MDM solution, so that step can be skipped. Will the Intune policies hit the client before the Windows Hello setup or do we need to put this in the process?

Edited by kjeska


The Intune policies will hit as soon as the device becomes managed by Intune, which usually occurs after we join Azure AD.

Why do you want to disable Windows Hello for Business?
