Remove old SCCM configuration from AD

%3CLINGO-SUB%20id%3D%22lingo-sub-1658606%22%20slang%3D%22en-US%22%3ERemove%20old%20SCCM%20configuration%20from%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1658606%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20in%20my%20AD%20some%20leftovers%20from%20a%20previous%20installation%20of%20SCCM.%20The%20server%20was%20simply%20shutdown%20by%20the%20previous%20admins%2C%20and%20I%20was%20wondering%20what%20are%20the%20proper%20ways%20to%20clean%20the%20leftovers%20of%20the%20installation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20seen%20from%20previous%20research%20these%20(see%20attached%20image)%20in%20the%20ADSI%20Edit%20System%20Container%20that%20they%20should%20be%20remove.%20Is%20there%20other%20places%20to%20look%20at%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20we%20are%20running%20Intune%20Hybrid%20Azure%20AD%20Joined%2C%20and%20we%20see%20a%20couple%20of%20computers%20that%20are%20seen%20as%20managed%20by%20%22ConfigMgr%22.%20The%20thing%20is%20they%20don't%20have%20any%20client%20installed%2C%20but%20they%20still%20show%20up%20that%20way.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20related%20to%20the%20AD%20entries%20mentioned%20above%2C%20or%20is%20there%20another%20reason%20(leftovers%20from%20previous%20SCCM%20agent%20installation)%20that%20could%20cause%20this%20behaviour%20in%20AzureAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20in%20advance%20for%20your%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1658606%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud-attached%20management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGeneral%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1659837%22%20slang%3D%22en-US%22%3ERe%3A%20Remove%20old%20SCCM%20configuration%20from%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1659837%22%20slang%3D%22en-US%22%3EDelete%20the%20old%20objects%20in%20the%20System%20Management%20container%2C%20don't%20delete%20the%20System%20Management%20container%2C%20just%20the%20objects%2C%20including%20sub-containers.%20Check%20DNS%20for%20management%20point%20records.%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20can%20only%20have%20one%20MDM%20authority%20defined%20and%20if%20you%20had%20the%20SCCM%20client%20installed%20before%20you%20need%20to%20reset%20the%20MDM%20Authority%20on%20the%20computer.%3CBR%20%2F%3E%3CBR%20%2F%3ETry%20this%3A%3CBR%20%2F%3ERemove-Item%20-Path%20%24CurrentPath%5CDeviceManageabilityCSP%20-Force%20-Recurse%20-ErrorAction%20SilentlyContinue%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20force%20a%20sync%20to%20Intune.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1659849%22%20slang%3D%22en-US%22%3ERe%3A%20Remove%20old%20SCCM%20configuration%20from%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1659849%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F495002%22%20target%3D%22_blank%22%3E%40alusignan%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDelete%20the%20old%20objects%20in%20the%20System%20Management%20container%2C%20don't%20delete%20the%20System%20Management%20container%2C%20just%20the%20objects%2C%20including%20sub-containers.%20Check%20DNS%20for%20management%20point%20records%20and%20delete%20them%20as%20well.%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20can%20only%20have%20one%20MDM%20authority%20defined%20and%20if%20you%20had%20the%20SCCM%20client%20installed%20before%20you%20need%20to%20reset%20the%20MDM%20Authority%20on%20the%20computer.%3CBR%20%2F%3E%3CBR%20%2F%3ETry%20this%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22pl-smi%22%3E%24CurrentPath%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22pl-k%22%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%20%E2%80%9CHKLM%3A%5CSOFTWARE%5CMicrosoft%E2%80%9D%3C%2FSPAN%3E%3CBR%20%2F%3ERemove-Item%20-Path%20%24CurrentPath%5CDeviceManageabilityCSP%20-Force%20-Recurse%20-ErrorAction%20SilentlyContinue%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20force%20a%20sync%20to%20Endpoint%20Manager.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor

Hi,

 

I have in my AD some leftovers from a previous installation of SCCM. The server was simply shutdown by the previous admins, and I was wondering what are the proper ways to clean the leftovers of the installation.

 

I've seen from previous research these (see attached image) in the ADSI Edit System Container that they should be remove. Is there other places to look at?

 

Also, we are running Intune Hybrid Azure AD Joined, and we see a couple of computers that are seen as managed by "ConfigMgr". The thing is they don't have any client installed, but they still show up that way. 

 

Is it related to the AD entries mentioned above, or is there another reason (leftovers from previous SCCM agent installation) that could cause this behaviour in AzureAD.

 

Thank you in advance for your help.

 

1 Reply
Highlighted

@alusignan 

Delete the old objects in the System Management container, don't delete the System Management container, just the objects, including sub-containers. Check DNS for management point records and delete them as well.

You can only have one MDM authority defined and if you had the SCCM client installed before you need to reset the MDM Authority on the computer.

Try this:

$CurrentPath = “HKLM:\SOFTWARE\Microsoft”
Remove-Item -Path $CurrentPath\DeviceManageabilityCSP -Force -Recurse -ErrorAction SilentlyContinue

And force a sync to Endpoint Manager.