Forum Discussion
torquetechit_tonyd
Mar 23, 2021 · Brass Contributor
Device Rename in HAADJ environment
Hi, Wondering if there is a supported process for the renaming of devices which have been Hybrid Joined. As we know the device naming setup is currently limited to only being able to provide a p...
Targetpractice
Mar 29, 2021 · Copper Contributor
The problem with Michael's script is that if the object currently exists in your on-prem AD, it fails to rename the computer, which will require someone to go into AD and remove it manually.
torquetechit_tonyd
Mar 31, 2021 · Brass Contributor
Thanks @Targetpractice and Durrante for your replies.
I am testing out a combination of the scripts as we are not using SCCM for device co-management.
Basically, combining the component where it gets the device serial number to create the new device name, then checks if it exists already in AD and continues.
It would be good to have an idea when the naming conventions for HAADJ will be updated to enable the use of %Serial% as per a cloud only joined machine.
Cheers
Tony
- Targetpractice · Apr 01, 2021 · Copper Contributor
The script that Durrante posted is from Michael's page; he was for a long time the head of Autopilot at Microsoft, so he knows his stuff. The only problem I had with his script was that it runs in the user's/computer's context, and if the object existed in AD it wouldn't have the needed permissions to delete the old object, and would then fail to rename because the object already exists. That's why I wrote mine and run it through SCCM with an AD admin level account, so it can do the object cleanup and not have to grant everyone full permissions. The other option is to modify his script, the scheduled task part, and tell it to run as an account with full AD permissions; the risk there is that the username and password would be easy to extract from the script.
In the script you can add the -User & -Password switch to the register task part:
Register-ScheduledTask -Action $action -Trigger $triggers -TaskName "RenameComputer" -User "USERNAME" -Password "PASSWORD" -Description "RenameComputer" -Force
I am on weekly calls with MS and a few of their engineers for Autopilot, and I have been asking for the %SERIAL% option for about 2 years now. They tell me it's not even on the roadmap yet and may never be for Hybrid Join.
- Chris9907 · Dec 16, 2021 · Copper Contributor
Targetpractice, I'm using your script; it seems to work really well for all scenarios except the case of renaming the device to a name that already exists. I get a message in the logs that the device already exists... It seems to be related to replication of the device that is initially removed. I have tried forcing all commands to run against a specific DC (except the Rename-Computer command, as there is no -Server parameter).
- Chris9907 · Dec 16, 2021 · Copper Contributor
Basically, until replication of the deletion of the old account occurs, the Rename-Computer command fails.
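Added example, not part of any post in this thread: one way to handle the replication delay described above is to wait until no domain controller still returns an object with the target name before calling Rename-Computer. It assumes the RSAT ActiveDirectory module is available, that the stale object was already deleted by a separately privileged process, and that the device may rename its own account (for example through SELF delegation on the OU); the `CORP-` prefix, timeout and function names are hypothetical.

```powershell
# Added example (not from the thread). No credentials are embedded in this script.
Import-Module ActiveDirectory

function Get-SerialBasedName {
    param([string]$Prefix = 'CORP-')              # hypothetical prefix
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $clean  = $serial -replace '[^A-Za-z0-9]', '' # drop characters not valid in a name
    $max    = 15 - $Prefix.Length                 # NetBIOS computer names: 15 chars max
    if ($clean.Length -gt $max) {
        $clean = $clean.Substring($clean.Length - $max)
    }
    return ($Prefix + $clean).ToUpper()
}

function Get-DCsHoldingName {
    param([string]$Name)
    # Returns every DC whose replica still contains a computer object with this name.
    Get-ADDomainController -Filter * | Where-Object {
        $dc = $_.HostName
        try {
            [bool](Get-ADComputer -Filter "Name -eq '$Name'" -Server $dc -ErrorAction Stop)
        } catch {
            Write-Warning "Could not query ${dc}: $_"
            $true                                 # unreachable DC: not confirmed clean
        }
    }
}

$newName = Get-SerialBasedName
if ($env:COMPUTERNAME -eq $newName) { return }    # already renamed, nothing to do

$deadline = (Get-Date).AddMinutes(30)             # assumed replication timeout
while ($true) {
    $stale = @(Get-DCsHoldingName -Name $newName)
    if ($stale.Count -eq 0) { break }             # deletion has reached every DC
    if ((Get-Date) -gt $deadline) {
        throw "Name $newName still present on: $($stale.HostName -join ', ')"
    }
    Start-Sleep -Seconds 60
}

# Rename-Computer cannot be pinned to a DC, hence the all-DC check above.
Rename-Computer -NewName $newName -Force
```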
- torquetechit_tonyd · Apr 13, 2021 · Brass Contributor
Thanks Targetpractice,
We found that following Michael's advice to apply delegated permission for the SELF account on the device OUs worked for us.
Our next challenge is using a separate Domain Join profile to be used with separate Autopilot profiles based on an AAD dynamic group.
Cheers