Unable to Sync Windows Server 2012 R2 Devices to Azure AD through AAD-Connect

Zach 126 Reputation points

We are trying to sync our Windows Server 2012 R2 devices to Azure AD so we can leverage MDE and use MEM to push policy.

The devices were added in scope for OUs in AAD-Connect app, and I can see the Adds happening but I don't seem them show under the Azure Active Directory Portal Devices section.

we followed documentation here: [https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide#instructions-for-applying-computer-join-rule-in-aad-connect

this was needed for us to be able to get 2012 R2 devices to sync, but the issue still persists, and it looks like the info on metaverse object properties shows these devices as ("cloudFiltered" = true) which is what we think is causing the issue even after changing the rule and a full sync.

is there something wrong with the rule? or any further change we need to make?

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,512 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,754 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,736 questions
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 29,611 Reputation points

    it seems that problem comes from the value of [usercertificate] attribute in the computer object of the server Windows 2012 R2. You should check it and regenerate new one if possible. the following link can help you to generate new value on usercertificate attribute:

    Hybrid Azure AD Join – Fixing error message: Server error: The user certificate is not found on the device with id:

    Please don't forget to mark helpful answer as accepted*

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
  1. Andy David - MVP 138.6K Reputation points MVP

    You see the adds in the connector? how about the export to Azure? Do see them there?

    Any errors being generated in the Sync Manager

  2. Thameur-BOURBITA 29,611 Reputation points


    It seems that your server has been filtered by a synchronization rule in adconnect.

    In the metaverse ,you can identify the rule which force the attribute "cloudFiltered" = true.

    I will show how you can get the list of filter applied by this rule.

    Once you identify the rule name , go to Synchronization Rules Editor

    Synchronization Rule Editor Menu

    Then select the rule identified in the first step then click on view :

    Synchronization Rule Editor

    Go to scoping filter , you will find all filter applied by this rule . Now you can identify which filter impacted your server

    Filtre d’étendue des règles entrantes

    Please don't forget to mark helpful answer as accepted

  3. Limitless Technology 44,091 Reputation points


    In most cases, this happens because an incorrect assignment into the AD group for the devices. If that has been checked correct, I can recommend to schedule a full sync to ensure that they are detected.


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments