question

usarif asked ·

change AAD Joined windows 10 device ownership with Powershell

Folks,
I am in a situation where I need to get Intune up and running. My previous colleague joined every Windows 10 device to AAD with one UPN id, so over 1000 computers have one owner. When I tried to enroll Windows devices in Intune, the login user is different from the device owner.

Is there a way to change the device ownership by UPN through PowerShell?


I know I can have the user go to Settings > Access work or school, but this way it will require a local administrator account and a reboot, and it will remove the current user profile.

So, I am looking for automation...

thanks in advance

azure-active-directory

amanpreetsingh-msft answered ·

@usarif In order to change the device owner, you would need to first add another owner to the device and then remove the existing user. There is no single PowerShell command to change the owner. I am sharing the cmdlets below:

  1. Open PowerShell as Administrator and run Install-module AzureADPreview. If you have this module installed already, you can skip this step.

  2. Log in to Azure AD with your Global Admin account by using the Connect-AzureAD cmdlet.

  3. Run Get-AzureADDevice -All $true | Where-Object {$_.DeviceTrustType -eq "AzureAd"} to get the object IDs of all Azure AD joined devices in your tenant.

  4. Run Add-AzureADDeviceRegisteredOwner -ObjectId 94b0b212-xxxx-xxxx-xxxx-xxxxxxxxxxxx -RefObjectId 86757ad2-xxxx-xxxx-xxxx-xxxxxxxxxxxx, where -ObjectId specifies the object ID of the device and -RefObjectId specifies the object ID of the user you want to add as registered owner.

  5. Run Remove-AzureADDeviceRegisteredOwner -ObjectId 94b0b212-xxxx-xxxx-xxxx-xxxxxxxxxxxx -OwnerId 540b9c12-xxxx-xxxx-xxxx-xxxxxxxxxxxx, where -OwnerId specifies the object ID of the previous owner that you want to remove.

  6. To confirm the new registered owner, run Get-AzureADDeviceRegisteredOwner -ObjectId 94b0b212-xxxx-xxxx-xxxx-xxxxxxxxxxxx, or log in to the Azure Portal and navigate to Azure AD > Devices > All devices.


Please "accept as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.


usarif answered ·

I was able to remove the previous owner and register the new owner fine; my script is below... thanks for your help

```powershell
$Device_Object   = 'pcwindows'
$CurrentRegOwner = 'currentowner@contoso.com'
$NewRegOwner     = 'newowner@contoso.com'

# Install the module (only needed on a new system)
Install-Module AzureADPreview -AllowClobber

# Connect to Azure AD
Connect-AzureAD

# Get the device object (note: -SearchString is a prefix match and may return more than one device)
$Device = Get-AzureADDevice -SearchString $Device_Object
$Device
# Device objects expose ObjectId, not Id
$DeviceObjectID = $Device | Select-Object -ExpandProperty ObjectId

# Get the current owner's user object (needed for its ObjectId)
$CurrentOwnerRefObjectId = Get-AzureADUser -All $true | Where-Object { $_.UserPrincipalName -eq $CurrentRegOwner }
$CurrentOwnerRefObjectId

# Get the new owner's user object (needed for its ObjectId)
$NewOwnerRefObjectId = Get-AzureADUser -All $true | Where-Object { $_.UserPrincipalName -eq $NewRegOwner }
$NewOwnerRefObjectId

# Get the device's current registered owner(s)
$GetRegCurrentOwner = Get-AzureADDeviceRegisteredOwner -ObjectId $Device.ObjectId

# Add the new owner to the device, where:
#   -ObjectId    is the object ID of the device
#   -RefObjectId is the object ID of the user you want to add as registered owner
If ($GetRegCurrentOwner.UserPrincipalName -contains $NewOwnerRefObjectId.UserPrincipalName) {
    Write-Host "New owner is already registered on the device." -ForegroundColor Red -BackgroundColor White
} Else {
    Write-Host "Adding new owner to the device." -ForegroundColor Blue -BackgroundColor White
    $AddnewOwner = Add-AzureADDeviceRegisteredOwner -ObjectId $Device.ObjectId -RefObjectId $NewOwnerRefObjectId.ObjectId
}

# Remove the current owner from the device, where:
#   -ObjectId is the object ID of the device
#   -OwnerId  is the object ID of the current registered owner
$Device = Get-AzureADDevice -SearchString $Device_Object

$Owner = Get-AzureADDeviceRegisteredOwner -ObjectId $Device.ObjectId #| Where-Object {$_.UserPrincipalName -eq $CurrentRegOwner}
If ($Owner.UserPrincipalName -contains $CurrentRegOwner) {
    $RemCurrentOwner = Remove-AzureADDeviceRegisteredOwner -ObjectId $Device.ObjectId -OwnerId $CurrentOwnerRefObjectId.ObjectId
    Write-Host "Removed previous owner from the device." -ForegroundColor Red -BackgroundColor White
} Else {
    Write-Host "Previous owner is not registered on the device; nothing to remove." -ForegroundColor Blue -BackgroundColor White
}
```

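The add-then-remove procedure from amanpreetsingh-msft's answer and the single-device script in usarif's reply, generalised to the bulk case the question describes (over 1000 devices all registered to one UPN). This is an added example and is not code from either poster. It assumes a constructed CSV mapping file with the columns DeviceName,NewOwnerUpn, one shared old-owner UPN passed as a parameter, an account permitted to edit device owners, and the AzureADPreview cmdlets named in the answer. Microsoft has since retired the AzureAD/AzureADPreview modules in favour of Microsoft Graph PowerShell (for example Get-MgDevice), so on a new tenant the same add-verify-remove order applies with the Graph cmdlets instead.

```powershell
<#
Added example (not from the original answer or the asker's script).
Bulk re-owner of Azure AD joined devices, one row per device.

Assumptions (labelled, not from the page):
  - $MappingCsv is a constructed CSV, e.g.
        DeviceName,NewOwnerUpn
        PC-0001,alice@contoso.com
        PC-0002,bob@contoso.com
  - $OldOwnerUpn is the single UPN every device was joined with.
Run with -WhatIf first to see the planned changes without making them.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $MappingCsv,
    [Parameter(Mandatory)] [string] $OldOwnerUpn,
    [string] $LogPath = ".\reowner-log.csv"
)

Import-Module AzureADPreview -ErrorAction Stop
# Connect only if there is no current session.
if (-not (Get-AzureADCurrentSessionInfo -ErrorAction SilentlyContinue)) { Connect-AzureAD | Out-Null }

# Exact UPN lookup via OData filter instead of pulling every user with -All;
# single quotes inside a UPN must be doubled for the filter string.
function Get-UserByUpn([string] $Upn) {
    $safe = $Upn -replace "'", "''"
    Get-AzureADUser -Filter "userPrincipalName eq '$safe'"
}

$oldOwner = Get-UserByUpn $OldOwnerUpn
if (-not $oldOwner) { throw "Old owner '$OldOwnerUpn' not found in the tenant" }

$results = foreach ($row in (Import-Csv -Path $MappingCsv)) {
    $status = 'skipped'; $detail = ''
    try {
        # -SearchString is a prefix search, so insist on an exact display-name match
        # and on exactly one AzureAd-joined device before changing anything.
        $devices = @(Get-AzureADDevice -SearchString $row.DeviceName |
                     Where-Object { $_.DisplayName -eq $row.DeviceName -and $_.DeviceTrustType -eq 'AzureAd' })
        if ($devices.Count -ne 1) { throw "expected exactly one AzureAd-joined device, found $($devices.Count)" }
        $device = $devices[0]

        $newOwner = Get-UserByUpn $row.NewOwnerUpn
        if (-not $newOwner) { throw "new owner '$($row.NewOwnerUpn)' not found" }

        $owners = @(Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId)

        # Step 1: add the new owner first so the device is never left without an owner.
        if ($owners.ObjectId -notcontains $newOwner.ObjectId) {
            if ($PSCmdlet.ShouldProcess($device.DisplayName, "add owner $($newOwner.UserPrincipalName)")) {
                Add-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId -RefObjectId $newOwner.ObjectId
            }
        }

        # Step 2: re-read and verify the new owner is really registered before touching the old one.
        $owners = @(Get-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId)
        if (-not $WhatIfPreference -and $owners.ObjectId -notcontains $newOwner.ObjectId) {
            throw "new owner not present after add; old owner left in place"
        }

        # Step 3: only now remove the shared old owner (idempotent: skip if already gone).
        if ($owners.ObjectId -contains $oldOwner.ObjectId) {
            if ($PSCmdlet.ShouldProcess($device.DisplayName, "remove owner $OldOwnerUpn")) {
                Remove-AzureADDeviceRegisteredOwner -ObjectId $device.ObjectId -OwnerId $oldOwner.ObjectId
            }
        }
        $status = 'ok'
    }
    catch { $status = 'error'; $detail = $_.Exception.Message }

    [pscustomobject]@{
        Time     = (Get-Date).ToString('s')
        Device   = $row.DeviceName
        NewOwner = $row.NewOwnerUpn
        Status   = $status
        Detail   = $detail
    }
}

# Keep an audit trail of every attempt so the change can be reviewed or rolled back.
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Format-Table -AutoSize
```

The order matters: the new owner is added and then read back before the old one is removed, so a failed add cannot leave a device with no registered owner, and a device whose old owner is already gone is skipped rather than erroring out. The per-row log records what was changed on which device, which is what an administrator will want when an Intune enrollment later fails for a machine that was not in the mapping.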