Share via

machines are not syncing from SCCM to AAD

Clivebuckwheat 5 Reputation points
2023-10-11T01:12:19.4233333+00:00

I am trying to sync my SCCM collections with Azure Ad/intune while a lot of the machines have synced properly. I have about 500 machines that have failed to sync. The error is "Member does not have AAD ID". When I look at the properties of a client that has failed to sync, it most certainly does have an Azure Active directory ID populated in SCCM. All the clients I am trying to sync are Hybrid joined as well.

How do I fix these troublesome clients that refuse to sync?

Microsoft Security | Intune | Configuration Manager | Other
Microsoft Security | Intune | Other
Microsoft System Center | Other
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Simon Ren-MSFT 40,341 Reputation points Microsoft External Staff
    2023-10-11T08:33:25.99+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    1,Similar thread for your reference. The solution is to update the Azure AD web app with the latest Configuration Manager settings.

    [https://learn.microsoft.com/en-us/answers/questions/1164434/sccm-collection-cloud-sync-to-azure-ad-group-(co-m](https://learn.microsoft.com/en-us/answers/questions/1164434/sccm-collection-cloud-sync-to-azure-ad-group-(co-m)

    2,For those machines that have failed to sync, we can run the command dsregcmd.exe /status to check if they are AAD joined. We can also consult ClientIDManagerStartup.log and ADALOperationProvider.log on the client side to see if there is any further information.

    3,Also please check the CollectionAADGroupSyncWorker.log on the server, it is the log file for synchronization of collection membership results to Azure Active Directory.

    Here is a good article to troubleshoot SCCM collection sync to AAD group for your reference:

    Troubleshooting: Endpoint Configuration Manager Device Collection Membership Synchronization

    Thanks for your time. Have a nice day!

    Best regards,

    Simon

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Simon Ren-MSFT 40,341 Reputation points Microsoft External Staff
    2023-10-18T09:52:26.2033333+00:00

    Hi,

    Hope everything goes well. Do you need any further assistance about this issue? If yes, please feel free to let us know, we will do our best to help you.

    If the response is helpful, it's appreciated that you could click "Accept Answer" and upvote it, this will help other users to search for useful information more quickly.

    Thanks for your time.

    Best regards,

    Simon

    0 comments
  3. Clivebuckwheat 5 Reputation points
    2023-10-18T17:33:04.18+00:00

    Ok so on the clients that are failing to sync with AzureAD I checked the ClientIDManagerStartup.log they all have the same error "Failed to get AAD token, 0x8007052e"

    and in the SCCM database the AADTenantID has a value of "Null"

    Lastly all clients that I am trying to sync from SCCM to AzureAD are azureAD Joined.

    Please advise a course of action to fix this?

    0 comments
  4. Simon Ren-MSFT 40,341 Reputation points Microsoft External Staff
    2023-10-19T09:08:56.2466667+00:00

    Hi,

    Thanks for your reply.

    The error 0x8007052e means "The user name or password is incorrect". Please double check the user name and password used to sync SCCM collections with Azure AD.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.