Active Directory
A set of directory-based technologies included in Windows Server.
5,876 questions
Is the hybrid join successful in the new domain? Are the user identities synced in the new domain?
How to overcome from issue after migrating from one forest to another for Hybrid Azure AD joined devices scenario?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 67%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Prabhjot Singh
145
Reputation points
I'm trying to migrate a Hybrid Azure AD joined workstation from one domain to another in a different forest. I used PowerShell to unregister the device from Azure AD and signed out of all Microsoft 365 applications. I also deployed an application package in SCCM to restart the device and join it to the new domain. After joining the new domain, everything seemed fine, but some applications are still asking for old credentials instead of new ones. Additionally, I'm getting an error in Settings>Account>Access Work or School, saying 'sync wasn't fully successful because we weren't able to verify your credentials.' How can I fix this?
2 answers
Sort by: Most helpful
-
Rahul Jindal [MVP] 9,146 Reputation points MVP2024-04-10T21:28:52.76+00:00 -
Prabhjot Singh 145 Reputation points
2024-04-11T04:27:27.75+00:00 Hi @Rahul Jindal [MVP] , user identites are synced in new domain and devices are hybrid joined.
-
Rahul Jindal [MVP] 9,146 Reputation points MVP
2024-04-11T20:50:46.3133333+00:00 So is the issue only involving Intune sync? Are the devices retaining the PRT? Since you are facing issue related to authentication, I will suggest to look into the PRT issuance and retention.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Akhilesh 4,775 Reputation points Microsoft Vendor2024-04-16T13:12:56.7633333+00:00 Thank you for reaching out to the community forum!
I understand that you are facing issues with some applications asking for old credentials after migrating a Hybrid Azure AD joined workstation from one domain to another in a different forest. Additionally, they are getting an error 'sync wasn't fully successful because we weren't able to verify your credentials.
After migrating some applications to continue prompting for old credentials due to cached information. could you try to remove any stored credentials related to the old domain from Credential Manager.Also, please ensure that the device was completely unregistered from the old Azure AD before joining the new domain.
The other side about the error '
sync wasn't fully successful because we weren't able to verify your credentials'This issue occurs when MFA is Enabled or Enforced, or Microsoft Entra Conditional Access policies that require MFA are applied to all cloud apps. It prevents user association with the device in the portal. To fix the issue Set MFA to Disabled or modify the Conditional Access policies are used.Hope this helps. Do let us know if you any further queries.
Thanks,
Akhilesh.
If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.-
Akhilesh 4,775 Reputation points Microsoft Vendor
2024-04-19T12:41:13.2766667+00:00 Hi @Prabhjot Singh
Following up to see if the above answer was helpful. If this answers your query, do clickAccept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know. -
Prabhjot Singh 145 Reputation points
2024-04-20T03:40:53.5966667+00:00 Thanks for the reply. But I have also concern regarding this - can you provide me with PowerShell script for to automate the process of un-enrolling device from MDM and unregistering device from Azure AD from old domain. Also, the process for registering to Azure AD and enroll to MDM in new domain?
Sign in to comment -