ryand274, Posted June 21, 2022

Just want to say thank you so much for replying and for your help. Testing using your troubleshooting worked like a treat. I ripped it all out and re-read everything, and part 2 ran perfectly. I have a question though: our on-prem usernames are JBlogs (first initial then last name), whereas our Azure UPNs are Joe.Blogs@ (firstname.lastname). When part 2 appears and asks you to sign in with your email and password to enroll, it's JBlogs@companyemail.com. Is there any way to convert this to firstname.lastname? Again, thank you so much!

anyweb, Posted June 21, 2022

> Also, when creating the program in SCCM, what settings did you create on the program? Did you ask it to run as admin or under the user context?

It must run under system context, so set it like I show in the picture below.

anyweb, Posted June 21, 2022

10 minutes ago, ryand274 said:
> Just want to say thank you so much for replying and for your help. Testing using your troubleshooting worked like a treat. I ripped it all out and re-read everything, and part 2 ran perfectly. I have a question though: our on-prem usernames are JBlogs (first initial then last name), whereas our Azure UPNs are Joe.Blogs@ (firstname.lastname). When part 2 appears and asks you to sign in with your email and password to enroll, it's JBlogs@companyemail.com. Is there any way to convert this to firstname.lastname? Again, thank you so much!

Great that you got it working! Now, regarding your UPN, you'll have to modify the script to work with your custom layout, and modify the $user and $upnsuffix variables to suit your environment. That's up to you to solve. You might need to pull this info from Active Directory if it's available there.

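One way to do the Active Directory lookup suggested above, as an added example that is not part of the original thread or of the Win.AP.Sweepback script: it resolves the on-prem sAMAccountName to the userPrincipalName held in AD and splits it into the two parts. The helper name Get-UpnFromAD and the way the result maps onto $user and $upnsuffix are assumptions, as is the premise that the device can still reach a domain controller and that the AD UPN matches the Azure AD UPN.

```powershell
# Added example: resolve an on-prem logon name (e.g. JBlogs) to its AD userPrincipalName.
# Get-UpnFromAD is a hypothetical helper, not part of the original script.
function Get-UpnFromAD {
    param(
        [Parameter(Mandatory)]
        # Accept only a plain logon name so the value cannot alter the LDAP filter below.
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName
    )

    # [adsisearcher] needs no RSAT module; under SYSTEM it binds as the computer account.
    $filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('userprincipalname')
    $searcher.SizeLimit = 2

    # Refuse to guess if the name is missing or ambiguous.
    $found = @($searcher.FindAll())
    if ($found.Count -ne 1) {
        throw "Expected exactly one AD user for '$SamAccountName', found $($found.Count)."
    }

    $values = $found[0].Properties['userprincipalname']
    $upn = ''
    if ($null -ne $values -and $values.Count -gt 0) { $upn = [string]$values[0] }
    if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
        throw "AD holds no usable userPrincipalName for '$SamAccountName'."
    }

    $name, $suffix = $upn -split '@', 2
    # UpnSuffix is returned without the '@'; add it if the script expects it.
    [pscustomobject]@{ User = $name; UpnSuffix = $suffix; Upn = $upn }
}

# Example use (how the script obtains the logged-on name is an assumption):
# $r = Get-UpnFromAD -SamAccountName 'JBlogs'
# $user = $r.User; $upnsuffix = $r.UpnSuffix
```
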
ryand274, Posted June 21, 2022 (edited)

18 minutes ago, anyweb said:
> Great that you got it working! Now, regarding your UPN, you'll have to modify the script to work with your custom layout, and modify the $user and $upnsuffix variables to suit your environment. That's up to you to solve. You might need to pull this info from Active Directory if it's available there.

So part 2 goes well, until it reaches Converting to Windows Autopilot. I can see the request hitting my function, as I get the following readout in the logs on the Code+test section:

2022-06-21T09:29:57.863 [Information] Executing 'Functions.add_device_to_aad_group' (Reason='This function was programmatically called via the host APIs.', Id=2f44b2d9-4544-4051-b459-a01c9f7ef627)
2022-06-21T09:29:57.869 [Information] INFORMATION: PowerShell HTTP trigger function processed a request.
2022-06-21T09:29:58.040 [Information] OUTPUT: [token removed]
2022-06-21T09:29:58.042 [Information] Executed 'Functions.add_device_to_aad_group' (Succeeded, Id=2f44b2d9-4544-4051-b459-a01c9f7ef627, Duration=178ms)

But I don't see it being added to the Azure group? I made sure to fill out the group ID1 and group ID2 in the PowerShell script, and the URL to the function app. Any ideas? Sorry for all the questions.

Edited June 21, 2022 by ryand274

ryand274, Posted June 21, 2022

18 minutes ago, ryand274 said:
> So part 2 goes well, until it reaches Converting to Windows Autopilot. I can see the request hitting my function, as I get the following readout in the logs on the Code+test section:
>
> 2022-06-21T09:29:57.863 [Information] Executing 'Functions.add_device_to_aad_group' (Reason='This function was programmatically called via the host APIs.', Id=2f44b2d9-4544-4051-b459-a01c9f7ef627)
> 2022-06-21T09:29:57.869 [Information] INFORMATION: PowerShell HTTP trigger function processed a request.
> 2022-06-21T09:29:58.040 [Information] OUTPUT: [token removed]
> 2022-06-21T09:29:58.042 [Information] Executed 'Functions.add_device_to_aad_group' (Succeeded, Id=2f44b2d9-4544-4051-b459-a01c9f7ef627, Duration=178ms)
>
> But I don't see it being added to the Azure group? I made sure to fill out the group ID1 and group ID2 in the PowerShell script, and the URL to the function app. Any ideas? Sorry for all the questions.

I think I found the issue, it's something on my end. The AzureAD Join process didn't work due to a restriction we have in place.

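In the exchange above the function logged Succeeded although the Azure AD join had been blocked, so the function result alone does not show that the device was eligible for the group. A client-side check of the join state before calling the function app, as an added example that is not part of the original thread or script; the helper names are hypothetical and the sample dsregcmd output is constructed.

```powershell
# Added example: confirm the device is Azure AD joined before requesting the group add.
# ConvertFrom-DsregStatus and Test-AzureAdJoined are hypothetical helpers.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd /status prints "   Name : Value"; banner and blank lines do not match.
        if ($line -match '^\s*(?<k>[A-Za-z][A-Za-z0-9]*)\s+:\s+(?<v>.*\S)\s*$') {
            $state[$Matches.k] = $Matches.v
        }
    }
    $state
}

function Test-AzureAdJoined {
    # Without -Lines the live output of dsregcmd.exe is used.
    param([string[]]$Lines = (& "$env:SystemRoot\System32\dsregcmd.exe" /status))
    $s    = ConvertFrom-DsregStatus -Lines $Lines
    $guid = [guid]::Empty
    # Joined means the flag is YES and a well-formed DeviceId is present.
    ($s['AzureAdJoined'] -eq 'YES') -and
        [guid]::TryParse([string]$s['DeviceId'], [ref]$guid)
}

# Constructed sample: a domain-joined device where the Azure AD join was blocked.
$sample = @(
    '+----------------------------------------------------------------------+'
    '| Device State                                                         |'
    '+----------------------------------------------------------------------+'
    ''
    '             AzureAdJoined : NO'
    '          EnterpriseJoined : NO'
    '              DomainJoined : YES'
    '                DomainName : CONTOSO'
)

if (-not (Test-AzureAdJoined -Lines $sample)) {
    Write-Warning 'Device is not Azure AD joined; skipping the group-add request.'
}
```
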
This_guy, Posted August 16, 2022

Noob here, so excuse me if this is dense. Will this work without Config Manager actively being used? Can I just run the

ServiceUI.exe -process:explorer.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File Win.AP.Sweepback_part1.ps1

manually or via a script?

anyweb, Posted August 16, 2022

Yes, you can run it without ConfigMgr, it's just a PowerShell script after all. The ServiceUI.exe file makes it run in SYSTEM context. However, how do you intend to deploy this script to your devices?

This_guy, Posted August 16, 2022

55 minutes ago, anyweb said:
> Yes, you can run it without ConfigMgr, it's just a PowerShell script after all. The ServiceUI.exe file makes it run in SYSTEM context. However, how do you intend to deploy this script to your devices?

Thank you! I have an RMM agent running on the workstations.

kjeska, Posted August 18, 2022 (edited)

Hi. I'm testing this, but we want to disable Windows Hello. We don't use ConfigMgr either, just another MDM solution, so that step can be skipped. Will the Intune policies hit the client before the Windows Hello setup, or do we need to put this in the process?

Edited August 18, 2022 by kjeska

anyweb, Posted August 18, 2022

The Intune policies will hit as soon as the device becomes managed by Intune, which usually occurs after we join Azure AD. Why do you want to disable Windows Hello for Business?