Broken User Profiles on Azure AD Joined Devices

MagicHappenZ 41 Reputation points
2022-09-16T07:59:19.917+00:00

Hello,

we have a problem with Azure AD joined devices. The devices are provisioned with Autopilot and users are signed in with on-prem AD accounts that are synced to the cloud. The problem occurs randomly and is similar to what is described here: https://techcommunity.microsoft.com/t5/windows-10/hybrid-azure-ad-users-black-screen-flashing-taskbar-explorer/m-p/3584364.

As soon as a user is affected the account password does not work. A login via "Others" is successful but depending on OS version, multiple problems occur afterwards.

  • Taskbar or explorer task flickering
  • Permission denied errors when accessing programs
  • Windows button does not work
  • Task Manager does not start
  • etc.

I could find a lot of threads about the issue but no reaction from Microsoft so far. I hope there is something we can do to stop it and fix the affected users/devices.


3 answers

  1. JimmySalian-2011 42,511 Reputation points
    2022-09-16T08:19:53.09+00:00

    Hi Mario,

    The best approach will be to raise a ticket with Microsoft and escalate internally via the Account Manager for a quick response; it seems to be widespread, judging by the comments in the tech forum.

    Another step you can try is to move the user to an OU that is not synced, run a delta sync (the object will be deleted in Azure AD), then allow it to sync back to AAD via an in-scope OU and test the login process again. As the SSO process is broken, it will require detailed logs from the device. IMHO worth trying for the affected user.


    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

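The out-of-scope / back-in-scope resync suggested in the answer above, written out as an added PowerShell example (this is not the answerer's code and not from the thread). It assumes it is run on the Azure AD Connect server with the RSAT ActiveDirectory module, the ADSync module and Microsoft.Graph.Users installed, and that the UPN and the two OU distinguished names are placeholders you replace with your own; it also assumes the unsynced OU is already excluded by Azure AD Connect's OU filtering, since nothing here changes the connector configuration.

```powershell
# Added example, not part of the original thread.
# Takes one synced user out of Azure AD Connect scope, lets a delta sync delete the
# cloud object, then moves the user back in scope and waits for it to be re-synced.
# All names below are hypothetical placeholders.
param(
    [string]$Upn        = 'mario@contoso.com',
    [string]$SyncedOU   = 'OU=Users,OU=Synced,DC=corp,DC=contoso,DC=com',   # in Azure AD Connect scope
    [string]$UnsyncedOU = 'OU=NoSync,DC=corp,DC=contoso,DC=com'             # excluded by OU filtering
)

Import-Module ActiveDirectory
Import-Module ADSync
Import-Module Microsoft.Graph.Users

function Wait-DeltaSync {
    # Kick off a delta sync and block until the scheduler reports the cycle has finished.
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    do {
        Start-Sleep -Seconds 10
    } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

function Test-CloudUser([string]$UserPrincipalName) {
    # $true if a live (not soft-deleted) user with this UPN exists in Azure AD.
    try {
        $null -ne (Get-MgUser -UserId $UserPrincipalName -ErrorAction Stop)
    } catch {
        $false
    }
}

Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

$user = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'"
if (-not $user) { throw "No on-prem user with UPN $Upn" }

# Step 1: move out of the synced OU; the next delta sync exports a delete to Azure AD.
Move-ADObject -Identity $user.DistinguishedName -TargetPath $UnsyncedOU
Wait-DeltaSync
if (Test-CloudUser $Upn) {
    throw "Cloud object for $Upn is still present; check the OU filtering in Azure AD Connect before continuing."
}
Write-Host "Cloud object for $Upn deleted (it stays in the Azure AD recycle bin for 30 days)."

# Step 2: move back into scope; the next delta sync brings the object back.
$user = Get-ADUser -Identity $user.SamAccountName   # re-read: the DN changed with the move
Move-ADObject -Identity $user.DistinguishedName -TargetPath $SyncedOU
Wait-DeltaSync
if (-not (Test-CloudUser $Upn)) {
    throw "Cloud object for $Upn did not come back; inspect the Azure AD Connect export errors."
}
Write-Host "Cloud object for $Upn is back; have the user sign in again on the affected device."
```

Two caveats when doing this for real: the delete is a soft delete, so the object is recoverable from the recycle bin for 30 days, and after the second sync it is worth confirming with `Get-MgUser -UserId $Upn -Property OnPremisesImmutableId` that the restored object still carries the same ImmutableId as before, otherwise the device's cached identity and the cloud identity no longer match. Do it for one user at a time; moving a whole OU out of scope can trip Azure AD Connect's accidental-deletion threshold and stall the export.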

  2. MagicHappenZ 41 Reputation points
    2022-09-16T08:23:03.12+00:00

    Hi @JimmySalian-2011 ,

    thank you for your answer but we already have a ticket open and tried to escalate without much luck. Reaching out to the community is somewhat already an act of desperation...

    Best,
    Mario


  3. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2022-09-16T14:31:28.747+00:00

    Completely side comment here: you don't log into AADJ systems with on-prem accounts at all. You log in with AAD accounts only. This account may be synced/in-sync with an on-prem account and thus look like the same account to the end-user, but it is in fact a distinct account. This may seem superficial, but it is an important distinction to make for IT pros.
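The distinction made in this answer can be checked on the device itself. The following is an added PowerShell example, not the moderator's code and not from the thread; it only parses the output of the built-in `dsregcmd /status` and `whoami` commands, so it assumes nothing beyond being run in the affected user's session on a Windows 10/11 device.

```powershell
# Added example, not part of the original thread.
# Reads the device join state from dsregcmd and reports which kind of account
# actually signs in: the cloud (Azure AD) account on an AADJ device, or the
# on-prem AD account on a hybrid-joined one.
function Get-JoinState {
    # dsregcmd prints "Key : Value" lines; keep only the fields we need.
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(AzureAdJoined|DomainJoined|EnterpriseJoined|AzureAdPrt|WamDefaultSet)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-JoinKind([hashtable]$State) {
    if ($State.AzureAdJoined -eq 'YES' -and $State.DomainJoined -eq 'NO') {
        'Azure AD joined: the user signs in with the cloud account; the on-prem account is only its sync source.'
    } elseif ($State.AzureAdJoined -eq 'YES' -and $State.DomainJoined -eq 'YES') {
        'Hybrid Azure AD joined: the user signs in with the on-prem account and obtains a PRT for the cloud account.'
    } else {
        'Not Azure AD joined on this device.'
    }
}

$s = Get-JoinState
$s.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
Get-JoinKind $s

# On an AADJ device the signed-in principal shows up as AzureAD\<name>, not DOMAIN\<name>.
whoami
whoami /upn

# A missing PRT for the current user is the first thing to look at when cloud SSO breaks.
if ($s.AzureAdPrt -ne 'YES') {
    'No Primary Refresh Token for this user: cloud SSO on this device is currently broken.'
}
```

Run it as the affected user, not as an admin from a different session: the AzureAdPrt field describes the PRT of the user who runs dsregcmd, so an administrator's shell will report the administrator's token state, not the user's.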

