【Microsoft Intune】 Points where I got stuck in the Auto Pilot project [Part 2]
Hello everyone, this is Ueguchi of I-NET CORP. Technology. This is Part 2 of the points where I got stuck in the Auto Pilot project.
Today's topic leans toward operations, so it is worth remembering!
・Poor environment
Let's review it a bit. Because we need to use GPOs and join an on-premises domain environment, we use Hybrid Azure AD join. FYI: https://qiita.com/ChihiroUeguchi/items/920c8e6ab315d3eefbe2
Here's what you need to do before Auto Pilot:
What I got stuck on in operation relates to (1) and (2).
As mentioned before, Auto Pilot starts with obtaining the HWIDs and other details of the devices when you buy them from the supplier and importing them into Intune. * Or by loading the JAN code
・ Points where I got stuck
Let's assume you have actually put it into operation. Every day the devices are used in the field, and calls come in saying "I lost it" or "I want to reset the OS" and so on. A request to reset the OS may not be urgent, but a "lost!" report must be answered promptly.
So I performed a wipe from Intune.
Five minutes later: "Found it!! Please revert!!" orz. Hearing that made me want to cry...
Now, we decided to run Auto Pilot again.
However...
What?!!! What is this??
I've never seen such an error...
When I googled it, various things came up, but the following was the common one. https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/
- Possible causes.
1. Is the ODJ Connector Service not working properly?
2. Is the Domain Join setting in the Device configuration profile incorrect?
3. Can't communicate with On-premises AD?

And so on.
However, after repeated investigation, it became clear that besides the problems above there is also a fundamentally necessary task. That is, you have to clean up (1) and (2), which I talked about in the review of the environment, and import (1) again.
- Let's sort it out.
When implementing Auto Pilot, the first thing to do is to
When you import an HWID in (1), the serial number is linked to an associated AzureAD device.
Then, when the ODJ succeeds during Auto Pilot on the device side and the device is enrolled in Intune, the serial number is changed to the device name as follows:
You can see that the device name has also been changed on the AzureAD device.
* In the case of Hybrid Azure AD Join, two device names are registered.
(This is currently a bug. According to support, it will become one after GA.)
The settings such as each Device configuration profile are then applied to complete the Auto Pilot.
- Now, on to the main subject.
How can I avoid getting stuck?
First of all, I said that when wiping you have to clean up (1) and (2) and import (1) again.
Wiping removes your device from Intune, right?
Let's start with AzureAD devices.
The Hybrid Azure AD Joined device becomes noncompliant, and the two device objects remain in place.
What about the device that imported the HWID?
You can see that the device name is still linked.
This is the point!
Because this associated Intune device and AzureAD device are left behind, the name of the newly created device cannot be associated the next time Auto Pilot is executed.
So, is it okay to just delete the HWID and import it again? No, that's not enough.
Earlier we talked about two device objects left.
When I import the HWID again...
Because the devices remaining in AzureAD are still linked, the newly imported device is not linked.
- Conclusion
I have talked about various things this time, but the conclusion is this: when running Auto Pilot in a Hybrid Azure AD Joined environment, be sure to start over from scratch after wiping.
After wiping, the imported HWID stays associated with the remaining AzureAD device, so ODJ will not operate properly during Auto Pilot.
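The conclusion above written as a pre-flight check, added here as an example and not the author's code: given a wiped device's serial number and its previous device name, it lists the leftover objects that would block the next Auto Pilot run. The inventory is constructed, and the field and function names are assumptions of this example, not an Intune or AzureAD export format.

```python
# Constructed inventory. Field names are assumptions of this example,
# not an Intune or AzureAD export format.
AUTOPILOT = [  # imported HWIDs and the AzureAD device each one is linked to
    {"serial": "SN-0001", "aad_id": "aad-1"},
    {"serial": "SN-0002", "aad_id": "aad-9"},
]
AAD_DEVICES = [
    {"id": "aad-1", "name": "PC-TOKYO-01"},  # renamed from SN-0001 after ODJ
    {"id": "aad-2", "name": "PC-TOKYO-01"},  # second Hybrid Azure AD Join object
    {"id": "aad-9", "name": "SN-0002"},      # fresh import, still named by serial
]
INTUNE_DEVICES = [{"serial": "SN-0003", "name": "PC-OSAKA-07"}]


def leftovers(serial, old_name, autopilot, aad_devices, intune_devices):
    """List what must be deleted before the HWID of `serial` is imported again.

    old_name is the device name assigned by the previous run (None if never run).
    """
    found = []
    aad_by_id = {d["id"]: d for d in aad_devices}
    for dev in aad_devices:
        # Objects that still carry the old device name survived the wipe.
        if old_name is not None and dev["name"] == old_name:
            found.append(("aad_device", dev["id"]))
    for dev in intune_devices:
        if dev["serial"] == serial:
            found.append(("intune_device", dev["name"]))
    for rec in autopilot:
        if rec["serial"] != serial:
            continue
        linked = aad_by_id.get(rec["aad_id"])
        # A fresh import links to an object still named by the serial number.
        # Anything else means the record points at a leftover (or deleted) object.
        if linked is None or linked["name"] != serial:
            found.append(("hwid_record", serial))
    return found


def ready_for_autopilot(serial, old_name, autopilot, aad_devices, intune_devices):
    """True only when nothing from the previous run is left behind."""
    return not leftovers(serial, old_name, autopilot, aad_devices, intune_devices)
```

The case where only the HWID is deleted and imported again still reports the two AzureAD objects, which is why that step alone is not enough.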
I hope this information is useful to everyone, even a little.
So, stay tuned for Part 3.