Home
%3CLINGO-SUB%20id%3D%22lingo-sub-392805%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392805%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Intune%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20are%20having%20a%20very%20serious%20issue%20with%20Hybrid%20AAD%20Joined%20Windows%2010%20machines%20and%20our%20MDM%20users.%3C%2FP%3E%3CP%3EThey%20are%20able%20to%20see%20their%20Windows%2010%20Corporate-Owned%20Hybrid%20AAD%20Joined%20machines%20in%20the%20Company%20Portal%20and%20from%20there%2C%20issue%20a%20Refresh%20(Wipe)%20command!%20This%20is%20very%20dangerous%20as%20it%20allows%20end%20users%20to%20reset%20their%20assigned%20company%20machines%20through%20their%20mobile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20already%20been%20informed%20by%20Intune%20Support%20that%20this%20is%20a%20known%20issue%20and%20should%20be%20resolved.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20logic%20here%20should%20be%20that%20if%20a%20Windows%2010%20Domain%20Joined%20%2F%20Hybrid%20AAD%20joined%20machine%20is%20Corporate%20owned%20(GPO%20or%20SCCM%20used%20for%20automatic%20enrollment)%2C%20the%20%22Enrollment%20user%22%20shouldn't%20be%20able%20to%20act%20against%20those%20systems.%20Only%20designated%20entities%20should.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20raise%20this%20case's%20impact%20as%20it%20could%20really%20cause%20issues%20where%20users%20unknowingly%20do%20such%20actions%20(rename%20should%20also%20be%20blocked%20for%20them)%20as%20these%20devices%20are%20not%20under%20their%20ownership%2C%20rather%20they%20are%20company%20resources.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-390868%22%20slang%3D%22en-US%22%3EKnown%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-390868%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EUpdate%20on%208%2F7%2F19%3C%2FSTRONG%3E-%26nbsp%3B%20We%E2%80%99ve%20received%20reports%20from%20customers%20around%20this%20issue.%20Engineering%20is%20still%20continuing%20to%20restore%20this%20setting%20within%20the%20Intune%20Console.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EUpdate%20on%205%2F17%2F19%3C%2FSTRONG%3E-%26nbsp%3BThis%20post%20previously%20shared%20that%20the%20impact%20was%20limited%20to%20Hybrid%20Azure%20AD%20joined%20devices.%20We've%20since%20updated%20the%20post%20to%20include%20Azure%20AD%20co-managed%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%E2%80%99ve%20discovered%20an%20issue%20with%20a%20new%20feature%20that%20was%20recently%20released%20in%20the%20console.%20If%20you%20manage%20Windows%2010%20devices%2C%20you%20may%20have%20seen%20a%20new%20%E2%80%9CRename%20device%E2%80%9D%20setting%20in%20the%20console%20to%20rename%20an%20enrolled%20Windows%2010%20device.%20We%E2%80%99ve%20found%20that%20the%20renaming%20flow%20using%20this%20setting%20might%20not%20complete%20on%20Windows%20devices%20that%20are%20joined%20to%20on%20premises%20Active%20Directory%2C%20including%20Hybrid%20Azure%20AD%20joined%20devices.%20This%20setting%20has%20now%20been%20temporarily%20disabled%20for%20Hybrid%20Azure%20AD%20joined%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%E2%80%99s%20the%20current%20experience%20in%20the%20Intune%20console.%20When%20you%20go%20to%20Devices%20%26gt%3B%20All%20Devices%20and%20choose%20a%20Windows%20device%2C%20you%20will%20see%20an%20option%20to%20rename%20the%20device.%20On%20renaming%20the%20device%2C%20the%20new%20name%20is%20reflected%20in%20the%20Intune%20console%20and%20in%20Azure%20AD.%20However%2C%20we%E2%80%99ve%20seen%20some%20cases%20where%20the%20new%20device%20name%20is%20not%20reflected%20in%20the%20on%20premises%20Active%20Directory.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20can%20result%20in%20login%20errors%20where%20a%20user%20may%20be%20able%20to%20log%20on%20to%20their%20device%20initially%20but%20may%20experience%20single%20sign-on%20(SSO)%20errors%20when%20they%20try%20to%20login%20again%20after%20a%20password%20change.%3C%2FP%3E%0A%3CP%3EEngineering%20is%20still%20working%20to%20understand%20the%20cause%20and%20remediation.%20We've%20temporarily%20disabled%20this%20setting%20in%20the%20console%20for%20Hybrid%20Azure%20AD%20joined%20devices%20and%20Azure%20AD%20joined%20co-managed%20devices%20until%20we%20have%20a%20fix%20for%20this%20issue.%20Stay%20tuned%20for%20more%20information%20as%20we%20look%20into%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-390868%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eknown%20issue%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%2010%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819488%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819488%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EAny%20update%20on%20this%20issue%3F%20we%20are%20still%20seeing%20updates%20to%20hybrid%20join%20devices%20still%20not%20being%20reflected%20within%20On-Premise%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-854798%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-854798%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20idea%20when%20this%20will%20be%20resolved%3F%20We%20would%20like%20to%20have%20the%20ability%20to%20rename%20computers%20from%20the%20Intune%20portal.%20Waiting%20anxiously%20on%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908797%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908797%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20chance%20that%20what%20was%20done%20to%20block%20this%20functionality%20could%20be%20preventing%20hybrid%20joined%26nbsp%3B%20machines%20from%20being%20renamed%20period%3F%3F%3F%20....%20even%20locally%20from%20the%20machine%20itself%3F%20...%20i%20have%20an%20autopilot%20joined%20machine%20that%20neither%20I%20(with%20domain%20admin%20priviledge%20and%20local%20admin)%20nor%20the%20end%20user%20(local%20admin)%20can%20apparently%20rename%20his%20machine...%20we%20both%20get%20%22access%20denied%22%20when%20we%20attempt%20to%20do%20so...%20the%20machine%20is%20here%20in%20the%20office.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-910026%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910026%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F72289%22%20target%3D%22_blank%22%3E%40Jim%20MCKAY%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20having%20this%20issue%20only%20with%20my%20PowerShell%20scripts%20-%20When%20I%20deploy%20the%20script%20for%20AzureAD%20joined%20devices%20the%20script%20works%20perfectly%20and%20the%20computer%20name%20changes.%20But%20when%20the%20machine%20is%20a%20Hybrid%20domain%20joined%20device%2C%20the%20PS%20script%20fails.%20Of%20course%2C%20getting%20the%20reason%20for%20the%20failure%20is%20near%20impossible%20with%20the%20Intune%20portal%20so...%20I'm%20just%20stuck%20with%20it%20for%20now.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-988484%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-988484%22%20slang%3D%22en-US%22%3E%3CP%3Ecan%20we%20get%20an%20status%20update%20form%20someone%20form%20microsoft%20as%20this%20still%20a%20problem%20with%20or%20organization%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-989015%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-989015%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20appeared%20to%20have%20been%20addressed%20at%20least%20for%20us....%20my%20most%20recent%20hybrid%20joined%20autopilot%20box%20renamed%20fine...%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1003379%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1003379%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20still%20an%20issue%20for%20us.%26nbsp%3B%20I%20just%20renamed%20a%20hybrid%20joined%20device%20using%20the%20Intune%20console%20and%20now%20I%20get%20the%20following%20error%20when%20attempting%20to%20sign%20in%20to%20the%20device%20with%20an%20AD%20account%20--%20%22The%20security%20database%20on%20the%20server%20does%20not%20have%20a%20computer%20account%20for%20this%20workstation%20trust%20relationship.%22%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004957%22%20slang%3D%22en-US%22%3ERe%3A%20Known%20issue%20with%20%E2%80%9CRename%20device%E2%80%9D%20setting%20for%20Windows%2010%20devices%20in%20the%20Intune%20console%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004957%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20are%20facing%20the%20same%20issue%20after%20renaming%20a%20test%20client%20via%20Intune%20--%20%22The%20security%20database%20on%20the%20server%20does%20not%20have%20a%20computer%20account%20for%20this%20workstation%20trust%20relationship.%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

Update on 8/7/19-  We’ve received reports from customers around this issue. Engineering is still continuing to restore this setting within the Intune Console.

 

Update on 5/17/19 - This post previously shared that the impact was limited to Hybrid Azure AD joined devices. We've since updated the post to include Azure AD co-managed devices.

 

We’ve discovered an issue with a new feature that was recently released in the console. If you manage Windows 10 devices, you may have seen a new “Rename device” setting in the console to rename an enrolled Windows 10 device. We’ve found that the renaming flow using this setting might not complete on Windows devices that are joined to on premises Active Directory, including Hybrid Azure AD joined devices. This setting has now been temporarily disabled for Hybrid Azure AD joined devices.

 

Here’s the current experience in the Intune console. When you go to Devices > All Devices and choose a Windows device, you will see an option to rename the device. On renaming the device, the new name is reflected in the Intune console and in Azure AD. However, we’ve seen some cases where the new device name is not reflected in the on premises Active Directory.

 

This can result in login errors where a user may be able to log on to their device initially but may experience single sign-on (SSO) errors when they try to login again after a password change.

Engineering is still working to understand the cause and remediation. We've temporarily disabled this setting in the console for Hybrid Azure AD joined devices and Azure AD joined co-managed devices until we have a fix for this issue. Stay tuned for more information as we look into this!

10 Comments
Regular Visitor

Hello Intune,

 

we are having a very serious issue with Hybrid AAD Joined Windows 10 machines and our MDM users.

They are able to see their Windows 10 Corporate-Owned Hybrid AAD Joined machines in the Company Portal and from there, issue a Refresh (Wipe) command! This is very dangerous as it allows end users to reset their assigned company machines through their mobile.

 

I have already been informed by Intune Support that this is a known issue and should be resolved.

 

The logic here should be that if a Windows 10 Domain Joined / Hybrid AAD joined machine is Corporate owned (GPO or SCCM used for automatic enrollment), the "Enrollment user" shouldn't be able to act against those systems. Only designated entities should.

 

Please raise this case's impact as it could really cause issues where users unknowingly do such actions (rename should also be blocked for them) as these devices are not under their ownership, rather they are company resources.

 

Thanks

Regular Visitor

Hi,

Any update on this issue? we are still seeing updates to hybrid join devices still not being reflected within On-Premise AD.

 

Thanks,

Established Member

Any idea when this will be resolved? We would like to have the ability to rename computers from the Intune portal. Waiting anxiously on this!

Regular Visitor

Any chance that what was done to block this functionality could be preventing hybrid joined  machines from being renamed period??? .... even locally from the machine itself? ... i have an autopilot joined machine that neither I (with domain admin priviledge and local admin) nor the end user (local admin) can apparently rename his machine... we both get "access denied" when we attempt to do so... the machine is here in the office. 

 

 

Established Member

@Jim MCKAY 

I'm having this issue only with my PowerShell scripts - When I deploy the script for AzureAD joined devices the script works perfectly and the computer name changes. But when the machine is a Hybrid domain joined device, the PS script fails. Of course, getting the reason for the failure is near impossible with the Intune portal so... I'm just stuck with it for now.

Occasional Visitor

can we get an status update form someone form microsoft as this still a problem with or organization

Regular Visitor

It appeared to have been addressed at least for us.... my most recent hybrid joined autopilot box renamed fine... 

 

Occasional Contributor

It's still an issue for us.  I just renamed a hybrid joined device using the Intune console and now I get the following error when attempting to sign in to the device with an AD account -- "The security database on the server does not have a computer account for this workstation trust relationship."

Senior Member

We are facing the same issue after renaming a test client via Intune -- "The security database on the server does not have a computer account for this workstation trust relationship."

Occasional Visitor

Can confirm that I am also having the rename issue. Windows 10 1909 and Hybrid AD Join. Is there a way to turn this feature off per tenant to prevent people breaking users' computers?