Unable to Sync Windows Server 2012 R2 Devices to Azure AD through AAD-Connect

Zach 111 Reputation points
2023-01-24T21:01:42.0833333+00:00

We are trying to sync our Windows Server 2012 R2 devices to Azure AD so we can leverage MDE and use MEM to push policy.

The devices were added in scope for OUs in the AAD Connect app, and I can see the Adds happening, but I don't see them show up under the Azure Active Directory portal Devices section.

We followed the documentation here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide#instructions-for-applying-computer-join-rule-in-aad-connect

This was needed for us to be able to get 2012 R2 devices to sync, but the issue still persists, and it looks like the info on the metaverse object properties shows these devices as ("cloudFiltered" = true), which is what we think is causing the issue even after changing the rule and a full sync.

Is there something wrong with the rule? Or is there any further change we need to make?

Tags: Windows Server 2012, Azure Active Directory, Windows Server
1 vote

Accepted answer
  1. BOURBITA Thameur 12,241 Reputation points Microsoft MVP
    2023-01-25T00:57:07.2133333+00:00

    It seems that the problem comes from the value of the [userCertificate] attribute in the computer object of the Windows Server 2012 R2 server. You should check it and regenerate a new one if possible. The following link can help you generate a new value for the userCertificate attribute:

    Hybrid Azure AD Join – Fixing error message: Server error: The user certificate is not found on the device with id:

    Please don't forget to mark the helpful answer as accepted.
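The attribute check suggested in the accepted answer can be done from any domain-joined admin box before touching AAD Connect at all. The script below is an added example, not code from the answer or from Microsoft: it reads the computer object with the RSAT ActiveDirectory module, decodes every value stored in userCertificate, and checks that at least one is an unexpired certificate whose subject is CN=<objectGUID> (the device ID that Hybrid Azure AD join registers). The server name SRV2012R2-01 is a placeholder.

```powershell
# Added example (not from the Q&A): inspect the on-prem AD computer object that
# Hybrid Azure AD join writes to, before AAD Connect ever processes it.
# Assumes the RSAT ActiveDirectory module is installed; 'SRV2012R2-01' is a
# placeholder for your own computer account name.
Import-Module ActiveDirectory

function Test-HybridJoinComputerObject {
    param([Parameter(Mandatory)][string]$ComputerName)

    $c = Get-ADComputer -Identity $ComputerName `
        -Properties userCertificate, operatingSystem, operatingSystemVersion, objectGUID

    "Computer   : {0}" -f $c.DistinguishedName
    "OS         : {0} ({1})" -f $c.operatingSystem, $c.operatingSystemVersion
    "objectGUID : {0}" -f $c.objectGUID

    if (-not $c.userCertificate -or $c.userCertificate.Count -eq 0) {
        Write-Warning ("userCertificate is empty: device registration never wrote the " +
                       "self-signed device certificate, so a scoping filter that requires " +
                       "userCertificate ISNOTNULL will not match this object.")
        return $false
    }

    $ok = $false
    foreach ($raw in $c.userCertificate) {
        # Each value is the DER-encoded certificate as a byte[]
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        "Cert       : subject={0} notAfter={1:u} thumbprint={2}" -f $cert.Subject, $cert.NotAfter, $cert.Thumbprint

        # The hybrid-join device certificate has subject CN=<AD objectGUID>,
        # which is also the Azure AD device ID the join is matched on.
        if ($cert.Subject -ne "CN=$($c.objectGUID)") {
            Write-Warning "Subject does not match objectGUID; stale or foreign certificate."
            continue
        }
        if ($cert.NotAfter -le (Get-Date)) {
            Write-Warning "Device certificate is expired."
            continue
        }
        $ok = $true
    }
    return $ok
}

Test-HybridJoinComputerObject -ComputerName 'SRV2012R2-01'
```

If the function returns $false, fixing the sync rule will not help: the object has to be registered again on the device side so that a fresh certificate lands in userCertificate, and only then does a full sync become useful.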


3 additional answers

  1. Andy David - MVP 110.1K Reputation points Microsoft MVP
    2023-01-24T21:29:33.28+00:00

    You see the adds in the connector? How about the export to Azure? Do you see them there?

    Are any errors being generated in the Sync Manager?


  2. BOURBITA Thameur 12,241 Reputation points Microsoft MVP
    2023-01-24T21:30:40.19+00:00

    Hi

    It seems that your server has been filtered by a synchronization rule in adconnect.

    In the metaverse, you can identify the rule which forces the attribute "cloudFiltered" = true.

    I will show how you can get the list of filters applied by this rule.

    Once you identify the rule name, go to the Synchronization Rules Editor.

    [Screenshot: Synchronization Rules Editor menu]

    Then select the rule identified in the first step and click on View:

    [Screenshot: Synchronization Rules Editor]

    Go to the scoping filter; you will find all filters applied by this rule. Now you can identify which filter impacted your server.

    [Screenshot: Inbound rule scoping filter]

    Please don't forget to mark helpful answer as accepted
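The same investigation can be done from PowerShell on the AAD Connect server instead of clicking through the Synchronization Rules Editor. The script below is an added example, not code from the answer: it lists every inbound rule whose attribute flow targets cloudFiltered together with that rule's scoping filter, then pulls one server's connector-space object, follows it to its metaverse object and prints the attributes that matter for the join decision. It uses the ADSync module's Get-ADSyncRule, Get-ADSyncCSObject and Get-ADSyncMVObject; the connector name contoso.local and the computer DN are placeholders, and the attribute/condition property names (Destination, Expression, ScopeConditionList, Attribute, ComparisonOperator, ComparisonValue, Values) are the ones those cmdlets expose.

```powershell
# Added example (not from the answer): locate the rule(s) that set cloudFiltered,
# print their scoping filters, and show the metaverse state for one server.
# Assumes it runs on the AAD Connect server; 'contoso.local' and the DN below
# are placeholders for your on-prem connector and computer object.
Import-Module ADSync

function Get-CloudFilteredRules {
    # Every inbound rule with an attribute flow whose destination is 'cloudFiltered'
    Get-ADSyncRule |
        Where-Object { $_.Direction -eq 'Inbound' -and
                       ($_.AttributeFlowMappings | Where-Object Destination -eq 'cloudFiltered') } |
        ForEach-Object {
            $rule = $_
            $flow = $rule.AttributeFlowMappings | Where-Object Destination -eq 'cloudFiltered'
            [pscustomobject]@{
                Name       = $rule.Name
                Precedence = $rule.Precedence
                ObjectType = $rule.SourceObjectType
                Expression = $flow.Expression
                # Scoping filter: condition groups are ORed, conditions inside a group are ANDed
                Scope      = ($rule.ScopeFilter | ForEach-Object {
                                 '(' + (($_.ScopeConditionList | ForEach-Object {
                                     '{0} {1} "{2}"' -f $_.Attribute, $_.ComparisonOperator, $_.ComparisonValue
                                 }) -join ' AND ') + ')'
                             }) -join ' OR '
            }
        } | Sort-Object Precedence
}

function Get-MetaverseFilterState {
    param([Parameter(Mandatory)][string]$ConnectorName,
          [Parameter(Mandatory)][string]$DistinguishedName)

    $cs = Get-ADSyncCSObject -ConnectorName $ConnectorName -DistinguishedName $DistinguishedName
    if (-not $cs.ConnectedMVObjectId -or $cs.ConnectedMVObjectId -eq [guid]::Empty) {
        Write-Warning "Object is in the connector space but not projected or joined to the metaverse."
        return
    }
    $mv = Get-ADSyncMVObject -Identifier $cs.ConnectedMVObjectId
    $mv.Attributes |
        Where-Object { $_.Name -in 'cloudFiltered', 'userCertificate', 'operatingSystemVersion', 'sourceAnchor' } |
        Select-Object Name, @{ n = 'Value'; e = { ($_.Values | ForEach-Object { "$_" }) -join ',' } }
}

Get-CloudFilteredRules | Format-Table -AutoSize -Wrap
Get-MetaverseFilterState -ConnectorName 'contoso.local' `
    -DistinguishedName 'CN=SRV2012R2-01,OU=Servers,DC=contoso,DC=local'
```

Compare the printed Scope string with the attribute values shown for the server: whichever condition the object fails to satisfy is the one to adjust (or the one telling you the object itself, not the rule, is wrong). Remember that a changed rule only takes effect on existing objects after a full synchronization.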


  3. Limitless Technology 9,561 Reputation points
    2023-01-25T17:00:49.56+00:00

    Hello,

    In most cases, this happens because of an incorrect assignment into the AD group for the devices. If that has been checked and is correct, I can recommend scheduling a full sync to ensure that they are detected.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler#start-the-scheduler

    --If the reply is helpful, please Upvote and Accept as answer--
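Before forcing the full sync this answer recommends, it is worth confirming that the server can actually export at all: a server in staging mode imports and synchronizes but never exports, which produces exactly the symptom in the question (adds visible in the connector, nothing in the portal). The script below is an added example, not code from the answer or from Microsoft: it reads the scheduler state with Get-ADSyncScheduler, refuses to proceed if staging mode, a disabled cycle, a suspended scheduler or a running cycle would make the result meaningless, then starts an Initial (full) cycle with Start-ADSyncSyncCycle and polls until it completes.

```powershell
# Added example (not from the answer): verify the scheduler can export, then run a
# full (Initial) sync cycle and wait for it to finish. Runs on the AAD Connect server.
Import-Module ADSync

function Assert-SchedulerCanExport {
    $s = Get-ADSyncScheduler
    if ($s.StagingModeEnabled) {
        throw "Server is in staging mode: objects are imported and synced but never exported to Azure AD, so nothing will appear in the portal."
    }
    if (-not $s.SyncCycleEnabled) {
        throw "Sync cycle is disabled; re-enable with: Set-ADSyncScheduler -SyncCycleEnabled `$true"
    }
    if ($s.SchedulerSuspended) {
        throw "Scheduler is suspended (usually by a running upgrade or configuration wizard)."
    }
    if ($s.SyncCycleInProgress) {
        throw "A sync cycle is already running; wait for it to finish before starting another."
    }
    return $s
}

function Start-FullSyncAndWait {
    param([int]$TimeoutMinutes = 60)

    Assert-SchedulerCanExport | Out-Null

    # Initial = full import + full sync + export on every connector.
    # Delta (the default) would not re-evaluate existing objects against a changed rule.
    Start-ADSyncSyncCycle -PolicyType Initial

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 30
        $inProgress = (Get-ADSyncScheduler).SyncCycleInProgress
    } while ($inProgress -and (Get-Date) -lt $deadline)

    if ($inProgress) {
        throw "Full sync still running after $TimeoutMinutes minutes; check Synchronization Service Manager."
    }
    "Full sync finished; inspect the Azure AD connector's export run in Synchronization Service Manager for errors."
}

Start-FullSyncAndWait
```

If the function throws on staging mode, no amount of rule editing or re-syncing will populate the portal from this server; either this is the passive server of a pair and the active one needs the same rule change, or staging mode has to be turned off through the AAD Connect wizard.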
