This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 89%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
We are planning the enrolment all of our on-prem Windows 10 devices to Azure AD via Azure AD connect to make them all Hybrid Azure AD joined then will we enrol them into intune.
At the moment I am currently in the testing phase with a handful of devices. However, I am experiencing a dual state for some of the devices. From reading the Microsoft documentation if the user has AD registered the device before the Hybrid join then a dual state will occur. If devices are on 1803 or above when the same user logs into the device the dual state/AD registered part will be removed and Azure AD will be left with the Hybrid joined one.
This is not the case for me I am still seeing a dual state for the device even after signing back into the machine it has not removed the dual state. My devices are on 1903, therefore, the AD registered dual state should be removed and I should be left with only the Hybrid joint device in azure. I have also read somewhere if the device is managed by intune it will not remove the dual state, I can confirm the device is not managed by intune either at the moment.
Can anyone help? , ideally, I don't want to be asking users to remove the AD registered manually on each device. Is there an option for me to remove all AD registered devices opposite to doing it manually? before I hybrid join the devices.
Thanks in advance
Bindesh
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 45%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
If you have SCCM, you are lucky and can deploy script which can first check if the device is in dual state and run dsregcmd /leave, followed by restart of the device, which will add the device back to AAD.
Did you deploy original image 1903 or upgrade from older version?
Thanks for your reply,
We do have SCCM in place, I will look into trying this out I only have a few machines in a dual state which are my test machines. So I will just need to run dsregcmd /leave on all the machines whether they are AD registered or not so it's all covered. Then I can reconfigure the Azure AD Connect to sync all the OU's with the devices to get them to hybrid join.
Its a mix of deployments, half the machines are 1903 original image and half are upgraded from an older version.
Thanks
Bindesh
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 11%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hi @Bindesh Patel ,
The best way to do the removal in bulk is by running ps commands.
You can use the below command
$dt = [datetime]’2018/12/12’
Get-MsolDevice -All -LogonTimeBefore $dt | select-object -Property DeviceId | foreach {$.DeviceID} | foreach {$.Guid} | Remove-MsolDevice -Force
To delete with a time older than specific date
Reference : https://learn.microsoft.com/en-us/powershell/module/msonline/remove-msoldevice?view=azureadps-1.0
Thanks for the reply,
The PS commands will remove the devices from Azure AD but the connection will be left on the clients PC side right? I have read somewhere that this will cause issues for users not being able to sign office 365 apps? is that right? , the connection has to be removed from the client device before removing them before Azure AD ?
Thanks
Bindesh