Forum Discussion
anshulj
Aug 25, 2022 Copper Contributor
Enroll Existing Azure AD Joined Machines to Intune
Hello Community, We have an environment with 1500 Devices consisting of around 1000 Devices which are already Azure AD Joined & around 500 Devices which are Hybrid AAD joined connected to local AD. ...
Aug 25, 2022
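My bad, forgot to copy 2 lines 🙂
# Policy key holding the automatic MDM enrollment settings
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM"
# Create the key only if it is missing (New-Item errors when it already exists)
if (-not (Test-Path $registryPath)) { New-Item -Path $registryPath -Force | Out-Null }
$Name = "AutoEnrollMDM"
$Name2 = "UseAADCredentialType"
$value = 1
# -Force overwrites existing values so the script can be re-run safely
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $Name2 -Value $value -PropertyType DWORD -Force | Out-Null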
anshulj
Aug 25, 2022 Copper Contributor
Rudy_Ooms_MVP
The value is updated with the Script but it made no changes and nothing happened after I ran it. I restarted the Machine as well but the machine is still not enrolled.
Get Output
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM"
Get-Item -Path $registryPath
Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
Name Property
---- --------
MDM AutoEnrollMDM : 1
UseAADCredentialType : 1
- Aug 25, 2022
Maybe if you follow this blog, you could determine what is happening (event log) and if the scheduled task is created… https://call4cloud.nl/2020/05/intune-auto-mdm-enrollment-for-devices-already-azure-ad-joined/
As this worked for us when we needed to enroll a couple of 100 already Azure AD joined devices to Intune
- anshulj
Aug 25, 2022 Copper Contributor
Tried all steps as per the Article however the event is failing with the below error:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5D**), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
Source: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Date: 8/25/2022 1:38:31 PM
Event ID: 404
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: *********
Description:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5D**), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider" Guid="{3da494e4-0fe2-415c-b895-fb5265c5c8**}" />
<EventID>404</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-25T20:38:31.6613939Z" />
<EventRecordID>364</EventRecordID>
<Correlation />
<Execution ProcessID="2644" ThreadID="12188" />
<Channel>Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin</Channel>
<Computer>*********</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Message1">1DE7985E-ABE6-4B09-B008-E050367E5D**</Data>
<Data Name="Message2">MDMDeviceWithAAD</Data>
<Data Name="Message3">Policy</Data>
<Data Name="InternalCmdType">1</Data>
<Data Name="Message5">./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version</Data>
<Data Name="HexInt1">0x80070002</Data>
</EventData>
</Event>
- Aug 25, 2022
FakePolicy is one you could ignore, as mentioned here:
https://call4cloud.nl/2021/07/65000-days-of-night/
The device should enroll.
- Does the device have that scheduled task?
- When trying to speed things up as mentioned in the blog... do you receive any error?
- Are you noticing the other events I showed in the blog?
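The three checks asked about in the reply above (policy values, scheduled task, other events), as an added read-only PowerShell example that is not part of the original thread. The registry path, log name, event ID and FakePolicy URI come from the posts; the task folder `\Microsoft\Windows\EnterpriseMgmt\` is an assumption, since the thread does not name it.

```powershell
# Added example (not from the thread). Read-only; run in an elevated session on the device.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'              # from the thread
$logName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' # from the thread
$taskPath  = '\Microsoft\Windows\EnterpriseMgmt\'   # assumption: folder is not named in the thread

# 1. Policy values written by the script posted earlier in the thread
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    AutoEnrollMDM        = $policy.AutoEnrollMDM
    UseAADCredentialType = $policy.UseAADCredentialType
} | Format-List

# 2. Does the device have the enrollment scheduled task, and how did its last run end?
$tasks = Get-ScheduledTask -TaskPath "$taskPath*" -ErrorAction SilentlyContinue
if (-not $tasks) {
    Write-Warning "No scheduled task found under $taskPath"
} else {
    $tasks | ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            TaskName    = $_.TaskName
            State       = $_.State
            LastRunTime = $info.LastRunTime
            LastResult  = '0x{0:X8}' -f $info.LastTaskResult
        }
    } | Format-List
}

# 3. Recent errors and warnings, with the FakePolicy 404 marked as the one the thread says to ignore
Get-WinEvent -FilterHashtable @{ LogName = $logName; Level = 2, 3 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }   # skip unnamed <Data> nodes
        }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Id         = $_.Id
            HResult    = $data['HexInt1']
            FakePolicy = ($_.Id -eq 404 -and $data['Message5'] -like '*/Policy/FakePolicy/*')
            Message    = ($_.Message -split "`r?`n")[0]
        }
    } | Format-Table -AutoSize -Wrap
```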
- anshulj
Aug 25, 2022 Copper Contributor
Thanks Rudy, I think I saw the Blog earlier but thought it may not work in our situation. I will do further testing as per the Blog suggestions and update here soon.
- anshulj
Aug 25, 2022 Copper Contributor
I have tried solving this error but it looks pretty generic & strange in our situation and I could not find a reason. I will keep exploring but please share further suggestions if there are any.