Windows Autopilot Hybrid Azure AD Join - Error Code 80070774

  • Question

  • I think I have tried everything now but I can't get Windows Autopilot Hybrid Azure AD Join to work.

    I have read every MVP blog out there and cannot resolve error code 80070774. I have done everything in the blog post from systemcenterdudes.

    The computer is joining Azure AD and gets a temporary device name "DESKTOP-DE647S" but the Domain Join configuration is never applied.

    If I look in the Event Viewer on the machine hosting the Intune Connector service I can only see event IDs 30121 and 30150.
    After reading guides and blogs there should be more event IDs.

    I'm using a dynamic device group to get my Autopilot devices and using this group in the Autopilot deployment profile and Domain Join config.

    When I get the error on the client I can open up cmd and ping all three of my DCs, so I have connectivity to the DCs. The error code says "0x80070774 = domain controller not found"

    Please help....

    Wednesday, July 10, 2019 8:24 AM
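
Added example, not part of the original thread: a successful ping only shows ICMP reachability, while a domain join locates a DC through DNS SRV records and then talks to it over TCP. This PowerShell sketch checks both from the client and then asks the DC locator directly with `nltest`; the domain name `corp.example.com` and the function name `Test-DcLocator` are placeholders assumed for illustration.

```powershell
# Added example. 'corp.example.com' is a placeholder for the on-premises AD DNS domain.
function Test-DcLocator {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        # Kerberos, RPC endpoint mapper, LDAP, SMB (TCP only; the locator's UDP 389 ping is not tested here)
        [int[]]$Ports = @(88, 135, 389, 445)
    )

    # The DC locator depends on this SRV record; ping never exercises it.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "No SRV answer for ${srvName}: $($_.Exception.Message)"
        return
    }

    # Test each advertised DC on each port and emit one row per combination.
    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        foreach ($port in $Ports) {
            $open = Test-NetConnection -ComputerName $dc -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Port = $port; TcpOpen = $open }
        }
    }
}

Test-DcLocator -DomainName 'corp.example.com' | Format-Table -AutoSize

# Ask the Windows DC locator itself, bypassing its cache.
nltest /dsgetdc:corp.example.com /force
```

If the SRV lookup fails or `nltest` cannot return a DC while ping succeeds, the client is using a DNS server that does not host the AD zone or a firewall is dropping the TCP ports.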

All replies

  • Hello,

    You may not have properly delegated permissions to the OU where Autopilot devices are to be created. Please review the guide below, and make sure you have followed the procedures in it.

    Additionally, please also note that you should not use the "Assign user" feature, after you upload the device's hardware info. You can verify it at the following location, and select the Ellipsis (…) to the right of the device(s) experiencing the issue.

    Microsoft Intune > Device enrollment - Windows enrollment > Windows Autopilot devices

    Best regards,

    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Thursday, July 11, 2019 5:31 AM
  • I have delegated the permission exactly as the documentation says. I have not assigned any user to the device in Autopilot. The Intune connector status is green and communicating. The Intune connector is installed on the same server running Azure AD Connect and Pass-through authentication; could this be a problem?
    Thursday, July 11, 2019 8:14 AM
  • Hello,

    In my environment, I installed Intune Connector and AD Connect on two separate servers.

    Best regards,

    Andy Liu


    Friday, July 12, 2019 4:24 AM
  • Hello,

    Could you please switch to Password Hash Synchronization, and then check it again?

    Best regards,
    Andy Liu


    Monday, July 15, 2019 6:57 AM
  • Sorry, I've been on vacation.

    I'd rather not switch to Password Hash Sync. Do you really think Azure AD Pass-through Auth is the problem here?

    Tuesday, September 3, 2019 6:50 AM
  • The AP devices are joining the dynamic group right? When I had this issue it was because I assigned the domain join config to a users group. Took me like a week of just guessing to figure it out.
    Tuesday, September 3, 2019 7:50 PM
  • Yes, I have a dynamic group:

    (device.devicePhysicalIDs -any _ -contains "[ZTDId]")

    and the devices are joined there when they are Azure AD joined to get the configuration to do a hybrid join with local AD.

    Thursday, September 5, 2019 11:52 AM
  • Anything on the firewall? Sorry can't be more helpful.
    Thursday, September 5, 2019 3:45 PM
  • I've done quite a bit of this and I've seen this error, usually when re-setting devices and they refuse to join the AD domain. Michael Niehaus gave me a lot of advice and suggested assigning the domain join profile to "All devices" instead of the dynamic group. This always works and I blogged about it here

    Michael since blogged about it himself. See the additional notes at the bottom.

    Gerry Hampson | Blog: | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Tuesday, September 10, 2019 4:47 PM
  • Thanks Gerry, but I have other devices in Intune... assigning the Domain Join profile to "All devices" is not what I want....

    Friday, September 13, 2019 9:11 AM
  • It doesn’t matter. Michael explains it in his blog post. This has no impact on existing machines as this policy is never sent to the client – it’s only used by the Intune service to create the ODJ blob.

    Gerry Hampson | Blog: | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Friday, September 13, 2019 1:24 PM
  • Didn't work either... I don't understand what I'm doing wrong here.
    I have created a case at Microsoft; hopefully the premier support can give me some answers.

    Thanks for your help Gerry!

    Tuesday, September 17, 2019 11:43 AM
  • Hi @skaggake!

    Did you manage to solve the issue? I'm facing exactly the same one and I did double, triple checks (firewall, connector, delegations, user scoping) and it still doesn't work!

    Thanks for your help!

    Tuesday, November 12, 2019 4:37 PM