Forum Discussion
Intune enrollment creates new Azure AD object
Hi, we have Azure AD Hybrid joined devices, and we want to enroll them to Intune. Upon testing with a subset of devices, we observe that Intune enrolled devices become duplicates with their own/new object ID. Is this by design, or some configuration issue? See sample screenshot below.
Ruslan
9 Replies
- Hi, how long did you wait after you noticed this? I have seen it in the past a couple of times, but the next day they were somehow "merged".
- RNalivaika (Iron Contributor)
We've waited for 6 days now, but the devices are still duplicates. I've heard before about devices merging after a day or two; I wonder what triggers it or what can cause the merging to fail...
- Henrixx (Copper Contributor)
RNalivaika, launch dsregcmd /status on one of the clients and take a look for the PRT (primary refresh token). Also, are you scoping users for auto enrollment? As soon as you HAADJ devices and use the WPJ options for the Intune enrollment, this issue may happen. We encountered the same.
- RNalivaika (Iron Contributor)
Henrixx, do you mean this PRT?
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2021-08-03 18:25:21.000 UTC
AzureAdPrtExpiryTime : 2021-08-17 18:25:30.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/f4b9822c-3c52-41ba-85d0-c9fc9ef75aa9
EnterprisePrt : NO
We use MDM user scope with a group containing the pilot users who use the machines we want to enroll.
- Henrixx (Copper Contributor)
Thanks, so you got the PRT - that's good.
Next, let's check some additional questions:
- How do you perform the HAADJ? Manually or using a GPO?
  - If a GPO is used, are you using MDM (Device Credentials or User Credentials)?
- I guess you are using mail as UPN?
- If you check Intune, do you see these devices as corp enrolled or personal enrolled?
- What OS are you on, especially the PCs you use for the pilot?