Forum Discussion
Autopilot Company owned
Hy,
Yes, you are right, the issue is well known by Microsoft and they still confirm that in a hybrid environment you should only have one hybrid artifact in Entra per device after the initial sync.
Regarding your device, you might want to try looking at the logs on your Entra Connect server to see if there is anything related to this.
How about deleting the device from Intune and running a dsregcmd /leave and after a join?
Good luck!
I do not see how a DSREGCMD /Leave/Join could resolve this issue, as this command will remove the device from Entra ID and rejoin the device to Entra ID. Thus the Hybrid Joined device will be removed from Entra ID as that object represents the physical device, but is not present in the Intune Database. The registered device in Intune, is the old Object which is Entra ID joined and is stale. To remove that device i would need to delete that device in Intune, but the newly rejoined device would not be enrolled in Intune.
I guess this can only be fixed by deleting all device objects referebcing the physical device in Intra ID and Intune, and then redeploy the device with Autopilot.
Bogdan_Guinea I had a call with Microsoft Support about these double device issue in Entra ID a year back, and they told me to disable the Stale device, but not to delete them....
Disabling and not deleting still means an obsolete device, not the right approach at this point, annoying MS 🙃 and yes normally in a hybrid infrastructure they shouldn't exist.
if that doesn't make sense with dsregcmd, even if you haven't tried it, I would suggest you try it with a new OU and a test device , after Sync to Entra Connect so you can see how it shows up.
I don't know your E. Connect config, so it could also be a misconfiguration.
yes, you could try Autopilot to get around this issue, you need a “domain join” config profile/templates in order for you to maintain your hybrid infra.
Good luck!
Bogdan_Guinea I am sorry i doubted your advice, but it really works. Have tested this on two machines.
You need to login to the device and open cmd in administrator mode. Then you need to run the command DSREGCMD /leave. Checking the status (DSREGCMD /Status) before the leave shows that the device is Hybrid Ad joined. After the leave the status shows that the device is not Entra-ID joined. Then you need to reboot the device. Once the device is rebooted you again check the status and see althoughyou performed a leave the device is still Hybrid AD joined. At this moment the Entra-ID device is updated in which the Hybrid Entra-ID device ownership is registered to company. In Intune device is still not updated and remains stale. Then run the DSREGCMD /Join command again in administrator mode. Then the IIntune device will be registered correctly. A reboot is required in each step, and thus also after performing the Join.
No objects were deleted from Entra-ID during the procedure. So even after the process you objects for the device remain. We removed the obsolete device this time, after verifying that the correct device is registered in Intune.
Many thanks!