learningmode Posted August 23, 2022

Hi everyone,

I tried searching for this before posting, but didn't see anything. So, here we go...

Issue: Trying to have domain devices enroll into Intune (hybrid join). What I am not seeing when I look at "dsregcmd /status" are the MdmUrl entries that should be displayed in there.

========================
What has been checked:

Configuration side:
Windows Enrollment for MDM user scope is set to "All" and MAM user scope is "None".
Azure AD Connect is synced to the OU with the particular devices.
Created a GPO and enabled "Enable automatic enrollment using default Azure AD credentials", with User Credentials set.
GPO is linked to the particular OU.
Users are licensed with MSFT E3.

Device side:
Confirmed the device is receiving the GPO.
Seeing error event ID 76 in the event log.
dsregcmd /status does show Domain joined: Yes and Azure AD joined: Yes.
========================

Question / statement: Am I missing anything?

One thing to note, that I'm not sure makes a difference, is that the environment does have SCCM / co-management. I don't know if that makes a difference. To me, I'm leaning towards something with users... because the MDM user scope is what should bring the URL, if I am thinking correctly.

Thanks,
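The checks listed in the post above, collected into one script. This is an added example, not code from the thread or from Microsoft: it flattens the "Key : Value" lines of dsregcmd /status, reads the registry values that the "Enable automatic MDM enrollment using default Azure AD credentials" GPO writes (AutoEnrollMDM and UseAADCredentialType under HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM), and pulls the most recent auto-enrollment events (75 = success, 76 = failure) from the DeviceManagement-Enterprise-Diagnostics-Provider Admin log. The registry path, value names, log channel and event IDs are Microsoft's documented ones for Windows 10/11 as I know them; verify them on your build. Run it in an elevated PowerShell session on the hybrid-joined client.

```powershell
# Added example (not from the forum thread). Run elevated on the client.
# Assumptions: dsregcmd.exe is in System32; the GPO writes AutoEnrollMDM and
# UseAADCredentialType under the MDM policy key; event IDs 75/76 are the
# auto-enrollment success/failure events in the Enterprise-Diagnostics-Provider log.

function Get-DsregStatus {
    # Flatten the "   Key : Value" lines of dsregcmd /status into a hashtable.
    $status = @{}
    foreach ($line in (& "$env:SystemRoot\System32\dsregcmd.exe" /status)) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*)$') {
            $status[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $status
}

function Test-AutoEnrollPrereqs {
    $s = Get-DsregStatus

    # Values written by the "Enable automatic MDM enrollment using default Azure AD
    # credentials" GPO. UseAADCredentialType: 1 = user credential, 2 = device credential.
    $mdmPolicy = Get-ItemProperty `
        -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM' `
        -ErrorAction SilentlyContinue

    $checks = [ordered]@{
        'DomainJoined = YES (dsregcmd)'         = ($s['DomainJoined'] -eq 'YES')
        'AzureAdJoined = YES (dsregcmd)'        = ($s['AzureAdJoined'] -eq 'YES')
        'MdmUrl present (dsregcmd)'             = -not [string]::IsNullOrWhiteSpace($s['MdmUrl'])
        'GPO AutoEnrollMDM = 1'                 = ($mdmPolicy.AutoEnrollMDM -eq 1)
        'GPO UseAADCredentialType set'          = ($null -ne $mdmPolicy.UseAADCredentialType)
    }

    foreach ($name in $checks.Keys) {
        $state = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
        '[{0}] {1}' -f $state, $name
    }

    if (-not $checks['MdmUrl present (dsregcmd)']) {
        'No MdmUrl in dsregcmd output: the enrollment client has nowhere to enroll to, so check the MDM user scope and the user''s license/sync before anything on the device.'
    }

    # Most recent auto-enrollment results. The 76 message carries the HRESULT
    # that explains which step failed.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Id      = 75, 76
    } -MaxEvents 5 -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        '{0:u}  EventID {1}: {2}' -f $e.TimeCreated, $e.Id, $e.Message
    }
}

Test-AutoEnrollPrereqs
```

Read the output top down: if DomainJoined and AzureAdJoined are YES but MdmUrl is empty, the device registration succeeded and the problem is on the Azure AD / Intune side (scope, licensing, sync), which is the situation described in the post. If MdmUrl is present and 76 keeps firing, the HRESULT in the event message is the next thing to look at.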
learningmode Posted August 24, 2022

Continuing troubleshooting...

Double-checked Azure AD Connect to see proper synchronization of the user and device OUs. They are correctly checked.

For kicks, I grabbed a device that is not domain joined and manually Azure AD joined it. It was a success, and the device shows up as enrolled in Intune.

Here is another problem: when I tried to log into the device, it does not recognize the credentials. Even the same credential used to join the device. There was another device that had been AAD joined in the past, so I grabbed that device and tried logging into it... Same thing, it does not recognize the credentials.

So, it leads me back to the Azure AD Connect sync??? Something is not right with the users side of the house.

============
Anyone have any idea what it could be?

Thanks,
anyweb Posted August 25, 2022

I noticed a change with Azure AD Connect sync recently in one of my labs. Password sync also failed. After looking in AAD in the Azure AD Connect node, I saw that it also wants agents installed. I've highlighted it here; you can check the status in Azure Active Directory. If you have none of these agents installed, then install at least one and verify it's listed in AAD. Once I had done this, my passwords synced correctly.

You can download the agent required via the Pass-through authentication download link here.
learningmode Posted August 25, 2022

Ah, I will check this. I do see that "Pass-through auth" is disabled. For this environment, Federation is enabled; would it matter? Would you think there would be an impact from having both federation and pass-through enabled?

Also, the environment does have Okta, so I'm not sure if that is oddly causing any problem.
anyweb Posted August 25, 2022

I'll have to investigate that. Have you tried, first of all, verifying the version of Azure AD Connect you are using and updating to the latest? See if that resolves things. If not, look into adding a pass-through auth agent; if that works, great, if not, uninstall it.
learningmode Posted August 27, 2022

On 8/25/2022 at 12:43 PM, anyweb said:
> I'll have to investigate that. Have you tried, first of all, verifying the version of Azure AD Connect you are using and updating to the latest? See if that resolves things. If not, look into adding a pass-through auth agent; if that works, great, if not, uninstall it.

Pass-through was enabled and the agent downloaded; however, it didn't seem to fix the issue. Still investigating...
learningmode Posted September 14, 2022

I wanted to update the status... I do not have a real solution to report. Although, things seem to be working now and hybrid devices are enrolling now. The only thing that I could think of that maybe was a change was enabling the "Microsoft Intune Enrollment" entry in Mobility (MDM and MAM). I was told in the past to just do "Microsoft Intune" and not worry about "Microsoft Intune Enrollment". I could be wrong, since it is working, about whether it was because of that or other things.

Thanks,