Jump to content


Recommended Posts

Hi everyone, 

I tried searching for this before posting, but didn't see any.  So, here we go... 

Issue: 

Trying to have domain devices enroll into intune (hybrid join). What I am not seeing when I look at "dsregcmd / status" are the mdmURL's that should be displayed in there.  

========================

What has been checked: 

Configuration side: 

  • Windows Enrollment for MDM user scope is set for "All" and MAM user scope is none. 
  • Azure AD Connect is synced to the OU with particular Devices
  • Created GPO and enabled "enabled automatic enrollment using default Azure AD credentials" and have User Credentials set.  
  • GPO is linked to the particular OU
  • Users are licensed with MSFT E3 

Device side: 

  • Confirmed device receiving GPO
  • Seeing error event ID 76 in the event log
  • dsregcmd /status does show Domain joined: Yes and Azure Joined: Yes

========================

Question / statement: 

  • Am I missing anything?
  • One thing to note, that i'm not sure makes a difference is that the environment does have SCCM / co-managed.  I don't see if that makes a difference.  
  • To me, i'm leaning towards something with users... because the MDM User scope is what should bring the URL, if I am thinking correctly. 

 

Thanks, 

 

 

mdmurl_missing.png

Share this post


Link to post
Share on other sites

Continuing troubleshooting...... 

  • Double checked the Azure AD Connect to see proper synchronization of the user and device OU's. Which they are correctly checked.   
  • For kicks, Grabbed device that is not domain joined, and manually azure joined the device.  It was success and the device shows up enrolled to Intune.  

Here is another problem: 

  • When tried to log into the device, it does not recognize the credentials. Even the same credential used to join the device.  
  • There was another device that had been AAD Joined in the past, so grabbed that device and tried logging into it..... Same thing, does not recognize the credentials.  

So, it leads me back to the Azure AD Connect sync??? Something is not right with the users side of the house

============

Anyone has any idea what it could be?  

 

Thanks, 

 

Share this post


Link to post
Share on other sites

I noticed a change with Azure AD Connect sync recently in one of my labs, password sync also failed, after looking in AAD in the Azure AD Connect node, I saw that it also wants agents installed, i've highlighted it here, you can check the status in Azure Active Directory,

if you have none of these agents installed, then install at least one and verify it's listed in AAD, once I had done this my passwords synced correctly

 

image.png

 

you can download the agent required via the Pass-through authentication download link here

 

image.png

Share this post


Link to post
Share on other sites

Ah, I will check this. 

I do see the "Pass-through auth" is disabled. 

For this environment, Federation is enabled, would it matter?  Would you think there would be an impact if having both federation and pass-through enabled? 

Also, the environment does have Okta, so, i'm not sure if that is oddly causing any problem.  

Share this post


Link to post
Share on other sites

I'll have to investigate that, have you tried first of all verifying the version of Azure AD connect you are using and update to the latest, see does that resolve things

if not, look into adding a pass-through auth agent, if that works great, if not, uninstall it

Share this post


Link to post
Share on other sites

On 8/25/2022 at 12:43 PM, anyweb said:

I'll have to investigate that, have you tried first of all verifying the version of Azure AD connect you are using and update to the latest, see does that resolve things

if not, look into adding a pass-through auth agent, if that works great, if not, uninstall it

The pass-through was enabled and downloaded, however didn't seem to fix the issue.  Still investigating....  

Share this post


Link to post
Share on other sites

I wanted to update status.... 

I do not have a real solution to update. Although, things seems to be working now and Hybrid devices are enrolling now. 

The only thing that I could think of that maybe was a change, was enabling the "Microsoft Intune Enrollment" in the Mobility (MDM and MAM. I was told to just do "Microsoft Intune" and not worry about the "Microsoft Intune Enrollment" in the past.  I could be wrong since it is working, either if it was because of that or other things.  

 

Thanks, 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...