Intune autoconnect

  • Question

  • Hi looking for some advice please.

    I have a number of Windows 10 PCs using 1809 which are auto connecting to AAD even though no connection was set up.

    Using Intune as the authority to manage the device, however even before Intune setup happens the PC is auto connected to AAD.

    can't figure out why.

    Here's the process thus far.

    New PC build off the network and imaged, blank Windows 10 image, no apps other than .NET 3.5 and Visual C++ redist.

    Log in to PC with local admin (non domain joined machine) -- connecting to internet via a wifi dongle so not on a network.

    Go to Settings and see AAD connected - if you check the Azure AD console no device is showing up either.

    Unable to remove the connection in Settings etc. If you connect with a new user setting it connects, but no profiles are pushed down from Azure. Any assistance would be appreciated.

    thanks


    • Edited by ian o brien Sunday, September 15, 2019 9:04 AM
    Sunday, September 15, 2019 9:02 AM

All replies

  • You can configure a solution to automatically join a new Windows 10 device to Azure AD during a first run. Is that what's happening?

    https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-joined-devices-frx



    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Sunday, September 15, 2019 1:36 PM
  • Thanks Gerry, that could be it. I'll check that to see if it is what's happening. Much obliged.
    Monday, September 16, 2019 7:40 AM
  • The image: is that a custom-built image or an image from an ISO? Is it possible that you made the image from a domain-joined device? Maybe the applied GPOs still exist in the image, and because of that the PC still automatically joins Azure AD?

    If you are using a clean image, a local (admin) account and no connection with the corporate network - but only with the Internet - it will not automatically join Azure AD. Only when you enter - during the Out of Box Experience (OOBE) - your UPN credentials (@contose.com) and are licensed.
    Monday, September 16, 2019 11:42 AM
  • Thanks Albert, yes it was a custom image, and going through this again it may well be the case that it was domain joined (AAD joined to be precise) at the time of an image being taken, which would explain why AAD connect continues to say connected and won't let go of the connection even after clicking disconnect. I have tried using PS to remove it but again it won't budge.

    Used Disconnect-AzureAD, also tried setting up a new local admin user, logged in with that user and looked to disconnect, nothing.

    Tried renaming the device and logging back in then disconnecting, nothing.

    I'm wondering if there is a way in registry or some other PowerShell script that could brute force a disconnect, as it is surely just stored in the image; however so far I am unable to find such a script.

    Any additional assistance would be great. I guess the only other way will be to start from scratch, which would cause time issues but may be the only way.

    Thanks

    Monday, September 16, 2019 8:28 PM
  • It is better to start from scratch by building a new Windows 10 image with the latest updates. Of course not on a domain-joined device.
    The best way for building an image is to do it in a virtual machine as a base machine. 

    Tuesday, September 17, 2019 10:12 AM
  • Thanks for all your assistance, a colleague of mine found the fix.
    It was the following: ran the command dsregcmd.exe /debug /leave in the local administrator account with admin elevated command prompt - run the dsregcmd.exe /debug /leave command in a task scheduler job (under the SYSTEM account)

    Kind Regards


    Monday, September 23, 2019 4:34 PM
  • Thanks Gerry

    Thanks for all your assistance, a colleague of mine found the fix.
    It was the following: ran the command dsregcmd.exe /debug /leave in the local administrator account with admin elevated command prompt - run the dsregcmd.exe /debug /leave command in a task scheduler job (under the SYSTEM account)
    Interestingly, the option to join AAD via Settings will not appear if there is a proxy along the chain; when you remove the proxy the AAD connect option comes back.
    Kind Regards

    Monday, September 23, 2019 4:36 PM
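
The fix reported in the thread, as an added example (not code from any of the posts): a PowerShell script, run from an elevated prompt, that reads the join state from `dsregcmd /status`, runs `dsregcmd.exe /debug /leave` once under SYSTEM through Task Scheduler, and re-checks the state before an image is captured. The task name is a hypothetical label, and the script assumes the `AzureAdJoined` and `TenantName` fields of the status output.

```powershell
# Added example. $TaskName is a hypothetical label, not from the thread.
$TaskName = 'Leave-AzureAD-Once'
# Full path so the SYSTEM task cannot pick up a look-alike binary from PATH.
$Dsreg = Join-Path $env:SystemRoot 'System32\dsregcmd.exe'

function Get-DsregState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$StatusText = (& $Dsreg /status))
    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Test-AadJoined {
    param([hashtable]$State)
    return ($State['AzureAdJoined'] -eq 'YES')
}

function Invoke-DsregLeaveAsSystem {
    # Register a one-off task that runs "dsregcmd.exe /debug /leave" as SYSTEM.
    $action    = New-ScheduledTaskAction -Execute $Dsreg -Argument '/debug /leave'
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal -Force | Out-Null
    try {
        Start-ScheduledTask -TaskName $TaskName
        # Poll until the task is no longer running, then return its exit code.
        do { Start-Sleep -Seconds 2 } while ((Get-ScheduledTask -TaskName $TaskName).State -eq 'Running')
        return (Get-ScheduledTaskInfo -TaskName $TaskName).LastTaskResult
    }
    finally {
        # Always remove the task so it does not persist into a captured image.
        Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    }
}

$before = Get-DsregState
if (Test-AadJoined $before) {
    Write-Host "Device is Azure AD joined (tenant: $($before['TenantName'])). Leaving..."
    $exitCode = Invoke-DsregLeaveAsSystem
    $after    = Get-DsregState
    Write-Host "Task exit code: $exitCode; AzureAdJoined now: $($after['AzureAdJoined'])"
    if (Test-AadJoined $after) { Write-Warning 'Still joined; do not capture an image from this machine.' }
} else {
    Write-Host 'Device is not Azure AD joined; nothing to do.'
}
```

Running the same check on the reference machine before capturing an image catches the situation described in the thread, where the join state was baked into the custom image.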