Hybrid Azure AD Join Issue

Question

Hybrid Azure AD Join Issue

karthik palani 1,036

Hi All,

I am trying to enable Co-Management for SCCM & Intune. The Hybrid setup is already enabled in AD connect almost 1 year before

From Azure AD users are synced from AD connect but when i verified the devices most are azure AD registered (most are VPN and Internet connected users) and few are Hybrid AD (mostly intranet users who are connected actively)

I tried removing the devices from Azure AD and resynced for VPN users. Device got reflected but under registration it is PENDING.
Also another concern is most of the users password are not in sync. One of the VPN user using the old password though he has new password and when he tries new password it doesn't logon to his laptop.

Need your advice on where to start checking. Is it ADFS, AD connect level issue. Please suggest

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2021-01-13T20:55:04.027+00:00

Hi, have you looked at any troubleshooting documentation? There are a few reasons why registration could be stuck on pending. For the password sync issue I would start here. If you have any questions on documentation I can help you, but I would recommend going through some troubleshooting documentation. This is a good start.

Best,
James

2 answers

Your answer

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2021-01-13T20:55:04.027+00:00

Hi, have you looked at any troubleshooting documentation? There are a few reasons why registration could be stuck on pending. For the password sync issue I would start here. If you have any questions on documentation I can help you, but I would recommend going through some troubleshooting documentation. This is a good start.

Best,
James

Answer 1

Nick Hogarth 3,521 Volunteer Moderator

Are you using ADFS or password sync? (based on your question "Is it ADFS" and that you said the passwords aren't syncing)

Also what version of Windows 10 is it that are stuck on registered? See https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state

karthik palani 1,036 Reputation points

2021-01-19T11:57:01.037+00:00

Hi,

Still the Device registration status is Pending. Seems AD connect is Syncing the data immediately after deletion, but status is pending for hybrid

I verified the ADFS certificate and some of the trusted endpoints which is mentioned as a prerequisite for Device registration. In ADFS server, i see an error related to DRS and ADFS. Is this causing the issue. Please suggest

Also from VPN users i am getting below event message under User device registration:

event 334 - "Automatic device join pre-check tasks completed. The device can NOT be joined because a domain controller could not be located. The device must be connected to a network with connectivity to an Active Directory domain controller."
event 220 - "Unable to retrieve the local computer's name in the specified format NameFullyQualifiedDN. Error: The specified domain either does not exist or could not be contacted."

Answer 2

karthik palani 1,036

Hi All,

During my investigation i found that

AD computer account - Published Certificate is expired. Will this cause issue please
Also in ADFS server - Device registration service is stopped - Is it needed

Share via

Hybrid Azure AD Join Issue

2 answers

Your answer