Forum Discussion
Issue after sync with Azure AD Connect
Hello Marco,
It would be great to see the configuration of your AD Connect. (a screenshot would be enough)
Regarding the syncing of your users, you have filters in the AD Connect configuration wizard: Select the domains to be synchronized using the Azure AD Connect wizard
Look at the picture inside the link I've provided. Domain and OU filtering -> Sync selected domains and OUs.
Hello mikhailf
I have something like this in AD:
and in Azure AD Connect, in Domain and OU filtering I have configured this:
In Azure AD All Devices I see this:
I replicated in the test environment what I have in my company AD; in Azure AD I also replicated the status quo, with all devices Azure AD Registered (because we have Office desktop apps on them); I suppose I have the behaviour in the screenshot because I did a first sync without the OU where I have the computers, and then added them to the sync; what I expected, even with these 2 steps, was that I would have, after some time, only one notebook per user and with hybrid registration; I can't disable the Azure AD Registered because I've seen that the apps on them are unusable.
Hope to have clarified.
- mikhailf, May 13, 2022, Iron Contributor
Hello Marco,
It is expected behavior. When you added a device for the first time, it was registered. Then you reconfigured it and it became Azure Hybrid AD Joined. AAD sees this device as a new one with a new ObjectID (DeviceID) in Azure. Because of that ObjectID (DeviceID), you see two devices with the same name.
You have "Columns" in the upper panel. Click on it and look for "Last Activity" or "Last Check-in"; that way you will be able to see which devices are in use and which are not. I assume that registered devices will not be in use. When you have ensured that the registered devices are not in use (not connecting to AAD), you can remove them.
I removed Registered devices several times and didn't have any issues with them. You can check this article to find out more about the Registered to Hybrid Azure AD Joined change. Handling devices with Azure AD registered state: "Any existing Azure AD registered state for a user would be automatically removed after the device is hybrid Azure AD joined and the same user logs in."
I hope this helps you.
It is good that it's a lab environment. You can try everything 🙂
- MarcoMangianteIM, Jun 11, 2022, Brass Contributor
Hello mikhailf and others,
I left my lab for some time without any action; now I loaded the AD portal devices page and found that every device has an activity near the day I'm writing this message, so, for example, for my test client I have an activity for the Azure AD Registered and also for the Hybrid counterpart; I expected that, after the device was ingested and became Hybrid registered, I would have no activity on the AAD registered item.
I tried to disable the AAD registered device, but after having restarted it, I can't use Teams and Office: how can I solve the issue? I can't have and start a production environment where I have duplicated clients and can't disable the AAD registered; I read the documentation but it seems that what is written sometimes doesn't happen.
I attach a screenshot.
What am I not understanding or doing wrong?
- mikhailf, Jun 11, 2022, Iron Contributor
Hello MarcoMangianteIM,
Could you please remind me if it is possible to re-enroll this device?
I mean to remove it from Intune and Azure AD, disconnect it on the workstation side, and then do everything from the beginning?
I think this would be the best way.
- MarcoMangianteIM, May 14, 2022, Brass Contributor
Hello mikhailf
thanks for your reply. I read that article when I started my experiments and interpreted that word as an automatic cancellation of the device, after some time, from the list; I say this because in my first lab I obtained this result, but the difference is that in my first iteration I synced the OU with computers at the start with the other data and objects and also checked the password hash sync option, but I suppose this is not relevant for the devices.
From what I've seen, the Registered and Activity columns have, for the Azure AD Registered devices, the date when I created the devices for my test and installed the apps for Office (and Teams), while the hybrid counterpart has the date of ingestion; I noticed 2 things: the ingestion was 6 May and from that date I can't see any update date, even though I accessed the devices, and also, as I said in my previous post, if I disable my Azure AD Registered device, I can't use Office apps; I've run the command dsregcmd /status but it seems that I have no error.
What I expected was that the Azure AD Registered devices disappeared automatically, or, like in your case, that I have the possibility to delete them without any issue.
Thanks.
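
The `dsregcmd /status` check mentioned in the thread reports the join flags that distinguish a hybrid joined device from one that still carries a registered (workplace joined) state. The following is an added example, not part of any post in this thread: the function name `Get-DsregState` is hypothetical and the sample output is constructed; the field names are the ones `dsregcmd` prints.

```powershell
# Added example (not from the thread). Classifies the state reported by
# `dsregcmd /status`. Get-DsregState is a hypothetical helper name.
function Get-DsregState {
    param([Parameter(Mandatory)][string[]]$Lines)

    # dsregcmd prints "Name : VALUE" pairs; keep only the fields needed here.
    $wanted = 'AzureAdJoined', 'DomainJoined', 'WorkplaceJoined', 'DeviceId'
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $dom = $state['DomainJoined'] -eq 'YES'
    $wpj = $state['WorkplaceJoined'] -eq 'YES'

    if ($aad -and $dom) {
        $join = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $join = 'Azure AD joined'
    } elseif ($dom) {
        $join = 'Domain joined only'
    } else {
        $join = 'Not joined'
    }
    [pscustomobject]@{
        JoinState       = $join
        DeviceId        = $state['DeviceId']
        WorkplaceJoined = $wpj
        # Registered state still present next to a hybrid join: the case
        # that shows up in the portal as two entries with the same name.
        DualState       = ($aad -and $dom -and $wpj)
    }
}

# Constructed sample in the layout dsregcmd uses (not captured output).
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                  DeviceId : 00000000-0000-0000-0000-000000000001
| User State                                                           |
           WorkplaceJoined : YES
'@ -split '\r?\n'

Get-DsregState -Lines $sample
# On a workstation: Get-DsregState -Lines (dsregcmd /status)
```

Run it in the context of the signed-in user, because `WorkplaceJoined` is reported in the per-user section of the output.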