Azure AD Endpoint Manager User Profile Corruption: Black Screen Flashing Taskbar Explorer Crash Loop

Daniel,

We just discovered the same thing and rolled out a fix for it in our environment. For users with an email address in on-prem AD, Azure AD Connect Sync was creating the accounts in Azure online with the pre-Windows 2000 NetBIOS domain name which matches the pre-Windows 2000 NetBIOS user logon name. However, for those without an email, it was creating the account in Azure with the subdomain of the domain FQDN instead of the pre-Windows 2000 name as specified on the account or in Domains and Trusts. Azure AD Cloud Sync was trying to update all accounts to the subdomain and completely ignoring the pre-Windows 2000 names entirely.

As far as experiencing the taskbar issue, once it occurred for one account on the machine, it would then impact all accounts on the machine both pre-existing and new sign-ins. However, accounts that did not have an AD mail attribute would not experience the issue. We found the same SubPkgs key and those that were in the NetBIOS subkeys would have the taskbar, permission, and general SID mismatch errors but those that were in the subdomain subkey would not.

We shut down our Azure AD Connect and are now relying entirely on Cloud Sync. Then, to fix the machines without a reimage, we performed a full Cloud Sync and then ran the following PowerShell script on Azure AD joined machines to clean up the broken accounts. This allowed users to sign in fresh with the subdomain instead of NetBIOS prefix and the issue has not reoccurred, but it's only been about a week.

$CurrentUserSID = (C:\Windows\System32\whoami.exe /User /Fo CSV | ConvertFrom-Csv).SID
$CachedAccounts = Get-CimInstance -Classname win32_userprofile | where-object { (!$_.Special) -And ($_.SID -like 'S-1-12-1-*') -And ($_.SID -NotLike $CurrentUserSID) }
foreach ($Account in $CachedAccounts) {
    $SIDtoUser = $null
    $SID = New-Object System.Security.Principal.SecurityIdentifier($Account.SID)
    try { 
        $SIDtoUser = $SID.Translate([System.Security.Principal.NTAccount])
        Write-Host "Removing $SIDtoUser from list of cached accounts."
        if ($SIDtoUser -ne $null) {
            $CachedAccounts = @($CachedAccounts | Where-Object SID -ne $SID)
        }
    } catch {
        Write-Host "Unable to translate SID ($SID) to user."
    }
}
if ($CachedAccounts.Count -gt 0) {
    Write-Host 'Accounts to be removed:'
    $CachedAccounts | Select LocalPath,SID | ft
    $Confirmation = Read-Host "Do you want to remove those accounts? (Yes or No)"
    if ($Confirmation.ToLower() -like "y*") {
        Write-Host "Removing accounts..."
        $CachedAccounts | Remove-CimInstance -Verbose
    } else {
        Write-Host 'Accounts not removed.'
    }
} else {
    Write-Host 'No accounts to remove.'
}

Hopefully, this script and info helps someone else.

Rexford