Wrong Autopilot Device disabled

Question

Hi all

I decided to set up a deployment solution with WDS/MDT as a first step and Autopilot as a second step.

WDS/MDT to create a unique and clean image for each machine.

This is a user-driven Autopilot deployment for existing devices. All in an AD/AAD/Intune environment.

The registration of my devices is done automatically via the AutopilotConfigurationFile.json file which is added to the machine via a task during the MDT deployment. I've also enabled the "Convert all targeted devices to Autopilot" option

No problem for the WDS/MDT part.

A priori, no problem for the Autopilot part either. My apps and policies are successfully installed through Intune. I created a dynamic group with the following dynamic rule: (device.enrollmentProfileName -eq "OfflineAutopilotProfile-ProfiID")

At the end of the deployment I end up with 1 object in the AD, 1 in the AAD and 1 in Intune. The 3 bearing the same name.

The problem comes from my Autopilot object, it is created after some time but it is not connected to any of the machines above.

It is linked to a disabled AAD object that is named after the machine's serial number. The default Autopilot profile is assigned to him, no contact has taken place with him.

I can leave it for several days and nothing changes. I deployed on several different machines (Surface, HP, VM) to achieve the same result: An Autopilot object linked to no AAD or Intune machines.

Do you have any idea what's not working properly?

Thanks in advance

Answer 1

@Nathanael FLOTTES, Thanks for posting in Q&A. From your description, it seems that the Autopilot object is being created but not connected to the machine record which is working well in Intune. Could you confirm if you are using the Task Sequence Template and Scripts in the following link to do this.

https://www.deploymentresearch.com/using-mdt-with-windows-autopilot-for-existing-devices-task-sequence-template-and-scripts/

Note: Non-Microsoft link, just for the reference.

Based as I know, the device added into the dynamic group and the profile status will change from Unassigned to Assigning and finally to Assigned, it may take some time. If the enroll occurs before the device is ready, our issue can occur. You can check the profile assigned and the Intune enrolled time to confirm on this.

Hope the above information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Thank you for your reply.

Yes, I use exactly this method for my deployment. I also use this method to assign applications to my deployed machine: https://www.deploymentresearch.com/windows-autopilot-for-existing-devices-creating-a-dynamic-group/

The object was created and assigned some time after I was deployed. But the associated Microsoft Entra device doesn't match the Entra machine that was created during deployment.

Here's a screenshot of the Autopilot object I get after my deployment :

It's the SN of my device and No my "PC-1234" machine on AD/AAD and Intune.

Answer 3

I also add the results of the Autopilot diagnostics script. I don't know if this is normal or not but I notice at least 2 inconsistencies.

No profile ID is specified, and the scenario is AAD even though it is a hybrid junction.

Answer 4

Here are the AAD objects related to this device. We do have an AAD object and a HAADJ. You can see that the problem is with the AAD object.