Broken User Profiles on Azure AD Joined Devices

Question

Broken User Profiles on Azure AD Joined Devices

MagicHappenZ 41

Hello,

we have a problem with Azure AD joined devices. The devices are provisioned with Autopilot and users are signed in with on-prem AD accounts that are synced to the cloud. The problem occurs randomly and is similar to what is described here: https://techcommunity.microsoft.com/t5/windows-10/hybrid-azure-ad-users-black-screen-flashing-taskbar-explorer/m-p/3584364.

As soon as a user is affected the account password does not work. A login via "Others" is successful but depending on OS version, multiple problems occur afterwards.

Taskbar or explorer task flickering
permission denied errors when accessing programs
Windows button does not work
Task Manager does not start
etc.

I could find a lot of threads about the issue but no reaction from Microsoft so far. I hope there is anything we could do to stop it and fix the affected users/devices.

3 answers

Your answer

Answer 1

Hi Mario,

The best approach will be to raise a ticket with Microsoft and escalate internally via the Account Manager for quick response it seems it is widespread by reading at the comments from tech forum.

Other step you can try is to remove the user to a OU that is not sync, run a delta sync, object will be deleted in Azure AD, allow to sync back to AAD via in scope OU and test again the login process, as the SSO process is broken it will require detailed logs from the device. IMHO worth trying for the affected user.

create-ticket

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

MagicHappenZ 41

Hi @JimmySalian-2011 ,

thank you for your answer but we already have a ticket open and tried to escalate without much look. Reaching out to the community is somewhat already an act of desperation...

Best,
Mario

JimmySalian-2011 42,511 Reputation points

2022-09-16T08:26:06.017+00:00

@MagicHappenZ apologies I said Mario, hope you get a quick resolution. Do you have logs to share from the devices that are affected? upload to dropbox or onedrive.
MagicHappenZ 41 Reputation points

2022-09-16T10:05:07.503+00:00

@JimmySalian-2011 me too, it really gets more and more serious. I am able to login with an Azure Device Admin user to the affected devices. Which logs would be most helpful you think? Except from some explorer.exe crashes caused by twinui.pcshell.exe there is not much related to the date it started. That's why I suspected the custom start layout we enrolled via mem, do you think it could be related? Apart from that we also started using Azue AD Cloud sync for groups and service accounts which we also started suspecting.
JimmySalian-2011 42,511 Reputation points

2022-09-16T13:30:46.54+00:00

Export event logs from the device AAD, and provide the crash dmp file please. I will run a debug and check, also provide OS version and patches.
MagicHappenZ 41 Reputation points

2022-09-19T09:50:39.02+00:00

Hey @JimmySalian-2011 ,
I exported all the event logs from the device but I don't know what you mean with "crash dmp files". These are usually created on Windows crash or I can generate them via Taskmanager for a dedicated process but don't know if you meant that. Also how can I share the files with you? Since it's a corporate device I don't want to share it with public. Thank you for your help.

Answer 3

Jason Sandys 31,406 Microsoft Employee Moderator

Completely side comment here: you don't log into AADJ systems with on-prem accounts at all. You log in with AAD accounts only. This account may be synced/in-sync with an on-prem account and thus look like the same account to the end-user, but it is in fact a distinct account. This may seem superficial, but it is an important distinction to make for IT pros.

MagicHappenZ 41 Reputation points

2022-09-16T14:34:03.017+00:00

@Jason Sandys sorry for the wording. I am completely aware of that, I wanted to make clear the accounts are synced from on-prem. It's related to the fact I am not a native speaker so please bear with me :).

Share via

Broken User Profiles on Azure AD Joined Devices

3 answers

Your answer