Hybrid Azure AD Join Issue

karthik palani 1,016 Reputation points
2021-01-13T11:59:11.433+00:00

Hi All,

I am trying to enable Co-Management for SCCM & Intune. The Hybrid setup was already enabled in AD Connect almost 1 year ago.

In Azure AD, users are synced from AD Connect, but when I verified the devices, most are Azure AD registered (most are VPN and Internet connected users) and a few are Hybrid AD (mostly intranet users who are connected actively).

  • I tried removing the devices from Azure AD and resynced for VPN users. The device got reflected, but under registration it is PENDING.
  • Also, another concern is that most of the users' passwords are not in sync. One of the VPN users is using the old password though he has a new password, and when he tries the new password it doesn't log on to his laptop.

Need your advice on where to start checking. Is it an ADFS or AD Connect level issue? Please suggest.


2 answers

  1. Nick Hogarth 3,436 Reputation points
    2021-01-13T21:29:45.373+00:00

    Are you using ADFS or password sync? (based on your question "Is it ADFS" and that you said the passwords aren't syncing)

    Also, what version of Windows 10 are the ones that are stuck on registered? See https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state


  2. karthik palani 1,016 Reputation points
    2021-01-24T05:16:27.887+00:00

    Hi All,

    During my investigation I found that:

    • AD computer account - Published Certificate is expired. Will this cause an issue, please?
    • Also in ADFS server - Device registration service is stopped - Is it needed?