import configuration to new server device writeback

Skip Hofmann 336 Reputation points


We are currently in a hybrid configuration. All devices are either "Azure AD joined" or "Hybrid Azure ad joined". I will be exporting configuration settings from one azure ad connect server to different server. When looking at the primary servers config settings i noticed that "Device Writeback is enabled, but i dont see "hybrid azure ad join". If i go through the azure ad connect wizard under "device options", attached is what i see. However if run the below command to check the existence of an SCP, i find "
azureADId:b9921086-ff77-4d0d-828a-cb3381f678e2". I am trying to understand when i import the config settings to the new server, do i need to select "Configure hybrid azure ad join" , or "Device write back". It looks like both are currently configured , because a SCP does exist in onprem AD, and when looking at the exported config file , i can see the location for "deviceWritebackDistinguishedName"

(get-adobject -filter * -SearchBase "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$((get-adrootdse).configurationNamingContext)" -Properties keywords).keywords



Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,768 questions
No comments
{count} votes

Accepted answer
  1. Givary-MSFT 12,001 Reputation points Microsoft Employee

    @Skip Hofmann

    Apologies for the delay in answering this post. As I understand you are looking for information on import configuration for Device writeback on your new Azure AD Connect Server.

    Comparing the originally imported settings file with the exported settings file of the newly deployed server is an essential step in understanding any differences between the intended versus the resulting deployment.

    However there is known limitation with Device Writeback configuration while performing import to the new Azure AD Connect Server. They aren't currently applied during configuration. If device writeback was enabled for your original server, you must manually configure the feature on the newly deployed server, same has been documented here

    Reference on how to enable device writeback -

    Let me know if you have any further questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    No comments

0 additional answers

Sort by: Most helpful