Forum Discussion
Stuck with InTune
Hi, need some help from those that know more than me, I have two devices that were previously enrolled and managed through InTune. We have a hybrid environment. Unfortuantely they were accidentally deleted from InTune and then EntraID in an attempt to get them re-enrolled.
The devices are now showing as pending in Entra ID again due to the hybrid sync.
I have tried scripts and GPOs to get them to re-enroll but so far nothing has come back.
I have found out that on the device side they are still showing as being enrolled in InTune MDM.
I am wondering, can I fix this by disconnecting this MDM connection and getting the user to sign into it?
Hopefully, I have been clear enough on this, but if not ask and I will try to clarify.
Thanks,
M
Hy,
1. if you ran the script correctly any old enrollments should be deleted. Disconnect from “Work or School” and then run a Delta Sync from your Entra Connect Server..
2. No no profile will be lost but based on your tenant Conditional Access Policy’s it could be a problem with the login for the user.
dsregcmd should help you more in hybrid in order for you to track the issue.Try also dsregcmd /debug.
Good luck!
8 Replies
Hello,
we have the same infrastructure and hybrid devices. The same problem occured with some notebooks.
Solution:- rename device in active directory or recreate the computer account. we had a problem with the computeraccount password.
- than reenroll as mentioend above.
BR
Hy,
if dsregcmd /leave does not work for you, maybe you could try this Script from my GitHub:
https://github.com/FlyOnCloud/ms-entra-intune-scripts/blob/main/Win_Clean_EnrollmentID.ps1
Good luck!
I did run those and the only thing it did was change the machine from Pending to now showing a date and time under activity, so it helped a little. But still not showing in InTune.
I think the issue is that the laptop still thinks it is connected to InTune as shown in the above picture, so any further attempts fail. I need to know if I do disconnect the broken MDM will anything happen to the users profile or access.
Thanks,
M
Hy,
1. if you ran the script correctly any old enrollments should be deleted. Disconnect from “Work or School” and then run a Delta Sync from your Entra Connect Server..
2. No no profile will be lost but based on your tenant Conditional Access Policy’s it could be a problem with the login for the user.
dsregcmd should help you more in hybrid in order for you to track the issue.Try also dsregcmd /debug.
Good luck!
Thank you for that, but I can't disconnect from the work or school account, the user is remote and that will create a whole load of issues.
So the script will remove the already created MDM connection and remove any entries in the registry related to the old enrollments?
Thank you,
M
Have you tried running dsregcmd /leave, rebooting and then enrolling it again using dsregcmd /join ?
Good morning, I did try that but it didn't get the device enrolled in InTune. It did change the pending to a fully listed device (not idea of the correct descriptive word here, but it now listing activity and created dates).
I think the issue is the laptop thinks it is still enrolled, but it's not showing on the InTune console. The sync option doesn't work either, however I am cautious about disconnecting the MDM connection shown in the picture in case anything happens to the users profile.
M
The commands were only meant to get the device back in an Entra Hybrid joined state. Without this, your existing domain joined device will not enrol in Intune. If you have admin rights, then you can disconnect from the work or school account and then enrol again manually. But as Bogdan_Guinea mentioned, be mindful of conditional access policy as depending on what policies you have implemented, they may interfere during the re-enrolment process.
