import configuration to new server device writeback

Skip Hofmann 341 Reputation points
2022-06-08T17:34:16.17+00:00

Hello

We are currently in a hybrid configuration. All devices are either "Azure AD joined" or "Hybrid Azure AD joined". I will be exporting configuration settings from one Azure AD Connect server to a different server. When looking at the primary server's config settings, I noticed that "Device Writeback" is enabled, but I don't see "hybrid Azure AD join". If I go through the Azure AD Connect wizard under "device options", attached is what I see. However, if I run the below command to check the existence of an SCP, I find "azureADName:mydomain.com azureADId:b9921086-ff77-4d0d-828a-cb3381f678e2". I am trying to understand, when I import the config settings to the new server, do I need to select "Configure hybrid Azure AD join" or "Device write back"? It looks like both are currently configured, because an SCP does exist in on-prem AD, and when looking at the exported config file, I can see the location for "deviceWritebackDistinguishedName".

(get-adobject -filter * -SearchBase "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$((get-adrootdse).configurationNamingContext)" -Properties keywords).keywords

[Attached screenshots: 209578-image.png, 209566-pic1.png]


Accepted answer
  1. Givary-MSFT 27,566 Reputation points Microsoft Employee
    2022-06-10T04:10:57.537+00:00

    @Skip Hofmann

    Apologies for the delay in answering this post. As I understand, you are looking for information on import configuration for Device Writeback on your new Azure AD Connect server.

    Comparing the originally imported settings file with the exported settings file of the newly deployed server is an essential step in understanding any differences between the intended versus the resulting deployment.

    However, there is a known limitation with Device Writeback configuration while performing an import to the new Azure AD Connect server. They aren't currently applied during configuration. If device writeback was enabled for your original server, you must manually configure the feature on the newly deployed server; the same has been documented here.

    Reference on how to enable device writeback - https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

    Let me know if you have any further questions.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.

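One way to do the comparison the accepted answer recommends, as an added example that is not part of the original thread or of Microsoft's tooling: a PowerShell diff of two settings exports that flags device writeback entries, which the answer says must be configured manually after import. Apart from `deviceWritebackDistinguishedName`, the JSON key names, nesting and values are constructed for illustration, and `Get-FlatSetting` and `Compare-SettingsExport` are hypothetical helper names.

```powershell
# Added example. Only the key name deviceWritebackDistinguishedName comes from the
# page; the other keys, the nesting and all values are constructed sample data.
function Get-FlatSetting {   # flatten parsed JSON into Path/Value pairs
    param($Node, [string]$Path = '')
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            Get-FlatSetting -Node $p.Value -Path "$Path/$($p.Name)"
        }
    } elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
        $i = 0
        foreach ($item in $Node) { Get-FlatSetting -Node $item -Path "${Path}[$i]"; $i++ }
    } else {
        [pscustomobject]@{ Path = $Path; Value = [string]$Node }
    }
}

# Emit one row per setting whose value differs between the two exports.
# Writeback = True marks entries to configure by hand on the new server,
# because device writeback settings are not applied during import.
function Compare-SettingsExport {
    param([string]$OriginalJson, [string]$NewJson)
    $old = @{}; $new = @{}
    Get-FlatSetting ($OriginalJson | ConvertFrom-Json) | ForEach-Object { $old[$_.Path] = $_.Value }
    Get-FlatSetting ($NewJson | ConvertFrom-Json) | ForEach-Object { $new[$_.Path] = $_.Value }
    foreach ($path in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if ($old[$path] -ne $new[$path]) {
            [pscustomobject]@{
                Path      = $path
                Original  = $old[$path]
                New       = $new[$path]
                Writeback = $path -match 'writeback'
            }
        }
    }
}

# Constructed sample exports (original server vs. newly deployed server).
$original = @'
{ "deviceOptions": { "deviceWritebackEnabled": true,
    "deviceWritebackDistinguishedName": "CN=RegisteredDevices,DC=example,DC=com" },
  "stagingMode": false }
'@
$new = @'
{ "deviceOptions": { "deviceWritebackEnabled": false,
    "deviceWritebackDistinguishedName": null },
  "stagingMode": false }
'@
Compare-SettingsExport -OriginalJson $original -NewJson $new | Format-Table -AutoSize
```

For real exports, pass each file's text with `Get-Content -Raw` instead of the inline strings.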
