Maxi_Bh
Copper Contributor
Nov 08, 2024

User and Permissions Management Issues in Microsoft Entra ID (Assigned Roles)

Hello everyone,

I’m encountering some challenges with user and permission management in Microsoft Entra ID. Here are the main issues I'm facing:

  • Revoking Local Administrator Permissions: After removing a user from the Local Device Administrator group in Microsoft Entra, the device continues to recognize the user as an administrator, even after multiple synchronization attempts. What’s the recommended procedure to force a permissions update on the associated devices?
  • Device Join Issue via PowerShell: I'm trying to join a device to Microsoft Entra ID using PowerShell with the command dsregcmd /join to force a policy update, but I'm encountering the following error:
    • Error 0x80041326: "Failed to schedule Join Task. Error: 0x80041326."
      Does anyone know how to resolve this issue or have suggestions for an alternative approach to join the device or enforce the policy? I’ve checked permissions and task scheduling services, but the problem persists.

Has anyone experienced similar issues, or does anyone have suggestions on how to address these challenges? Any advice would be greatly appreciated!

Thanks so much in advance!

1 Reply

  • Mks_1973
    Iron Contributor

    Try these:

    Force Sync from Device: Try restarting the device to see if the permissions update takes effect.
    Intune Sync: If you're using Microsoft Intune, initiate a sync from Intune to push the updated policy to the device.

    Go to Microsoft Endpoint Manager Admin Center > Devices > Select the affected device > Sync.

    Manual Update: Run the following command on the device to force policy updates:
    gpupdate /force

    If permissions are still not updated, clear cached credentials:

    Run dsregcmd /leave to disconnect the device from Entra ID.
    Rejoin the device using dsregcmd /join.

    Ensure that you are running PowerShell with elevated permissions (Run as Administrator) when using dsregcmd /join.

    Check Task Scheduler for any errors in related tasks.

    Review Azure AD logs.
    Review Event Viewer on the affected device.
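
To confirm on the device whether the revocation actually took effect after the steps in the reply above, the following added example (not code from the thread or from Microsoft) reports the join state from `dsregcmd /status` and lists who is in the local Administrators group. The `$UserPattern` value, the `-UseSample` switch and the sample lines are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run in an elevated session on the affected device.
param(
    [string]$UserPattern = '*user@example.com*',  # hypothetical placeholder for the removed user
    [switch]$UseSample                             # parse the constructed sample instead of live output
)

# Constructed sample of `dsregcmd /status` output lines (values are made up).
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : NO',
    '                AzureAdPrt : YES'
)

function ConvertFrom-DsregStatus {
    # Turns "Key : Value" lines into a hashtable; banner and section lines are skipped.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

$raw  = if ($UseSample) { $sample } else { dsregcmd /status }
$join = ConvertFrom-DsregStatus -Lines $raw
'AzureAdJoined={0}  DomainJoined={1}  AzureAdPrt={2}' -f $join.AzureAdJoined, $join.DomainJoined, $join.AzureAdPrt

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup works regardless of the OS display language.
try {
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
} catch {
    Write-Warning "Get-LocalGroupMember failed: $($_.Exception.Message)"
    $admins = @()
}
$admins | Select-Object Name, SID, PrincipalSource | Format-Table -AutoSize

# Entries that come from Entra ID carry SIDs that start with S-1-12-1-.
$entra = $admins | Where-Object { $_.SID.Value -like 'S-1-12-1-*' }
"Entra ID principals in local Administrators: $(@($entra).Count)"

# Direct, by-name membership of the user who should have lost admin rights.
$hit = $admins | Where-Object { $_.Name -like $UserPattern }
if ($hit) { "STILL ADMIN: $($hit.Name -join ', ')" }
else      { "No local Administrators entry matches '$UserPattern'." }
```

A user can still hold administrator rights through one of the `S-1-12-1-` role or group entries without being listed by name, so review those entries as well as the name match.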
