Forum Discussion
Kitram
Aug 25, 2021Copper Contributor
The CPC-* device won't sync with AAD
When I want to provision a device, it creats me a CPC-* device in my on prem AD, but it won't sync to AAD. Even in Synchronzation Service Manager i see that one new device is added, i am not able to s...
xTwoTwo
Copper Contributor
Hi,
have you ever managed to sort this out?! I'm facing the exact same issue at the moment.
Cheers, Maarten
Kitram
Oct 19, 2021Copper Contributor
xTwoTwo
Did you check inside the computer object in on-prem AD the attribute usercertificate? Is this empty or filled in?
Yes, I did. In my case it was my webfilter, which blocked the the Microsoft CA.
Simplest way to troubleshoot is just to create a simple VM in azure. The VM should have the VNET which is integrated to W365. Then make sure the VM is AD joined (on-prem) and in the right OU, where tje CPC-* devices are. Check if this computer object is synced with Azure Ad. If notnstart to trounleshoot with (Dsregcmd /join etc.)
https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current#troubleshoot-join-failures
Did you check inside the computer object in on-prem AD the attribute usercertificate? Is this empty or filled in?
Yes, I did. In my case it was my webfilter, which blocked the the Microsoft CA.
Simplest way to troubleshoot is just to create a simple VM in azure. The VM should have the VNET which is integrated to W365. Then make sure the VM is AD joined (on-prem) and in the right OU, where tje CPC-* devices are. Check if this computer object is synced with Azure Ad. If notnstart to trounleshoot with (Dsregcmd /join etc.)
https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current#troubleshoot-join-failures