Skip to main content
HashnodeDo it PowerShell way :)Do it PowerShell way :)

Command Palette

Search for a command to run...

Fixing Windows clients Intune automatic enrollment issues using PowerShell

Published
โ€ข2 min read
Fixing Windows clients Intune automatic enrollment issues using PowerShell
O
Ondrej Sebela

I work as System Administrator for more than 15 years now and I love to make my life easier by automating work & personal stuff via PowerShell (even silly things like food recipes list generation).

Part of seriesIntune/SCCM/MDT

If you are using automatic enrollment of your clients to Intune (via GPO or SCCM), you've probably encountered a situation when some of the clients failed to enroll. You could find this out by accident or by using my Intune clients report.

And I am talking about situations when all prerequisites are met and 95% of your clients have enrolled without any issues ๐Ÿ˜€.

I was facing such issue for several weeks now, but finally, I manage to create a working PowerShell function Reset-IntuneEnrollment that solves all enrollment issues (at least for us). Hopefully, it will help you too ๐Ÿ‘

Reset-IntuneEnrollment function will:

  • check actual device Intune status
  • invoke Hybrid AzureAD join reset
  • remove device record(s) from Intune
  • remove local client Intune enrollment data
  • invoke Intune re-enrollment

Btw this DSRegTool PowerShell script can help you too diagnose your registration/enrollment problems.

Prerequisites

These custom functions can be used on their own and can be helpful too!

Usage

Result of calling Reset-IntuneEnrollment function can look like this: image.png

Enjoy ๐Ÿ‘

#powershell#windows#azure

Comments (2)

Join the discussion
J
Jeremy Pridgen3y ago

Hello!

When trying to run the process on an existing machine I'm able to run the process and get to where it's waiting for the intune cert, but it's unsure if it can be found

Then it fails to run the AgentExecutor.log - any thoughts on why it errors here? - note: this is being run on a machine already enrolled into intune - Had images for reference, but unable to attach

I tried to re-run again and it wasn't able to find the guid from the task scheduler

Also tried on another machine and got the same error

O
Ondrej Sebela3y ago

Hi, something in the enrollment process was changed maybe...I luckily wasn't in need to use this function for a long time. DM me on Twitter https://twitter.com/AndrewZtrhgf with the screenshots. Maybe we will find solution to this.

A
Andrew Johnson3y ago

Hello, this script seems to be exactly what I'm looking for. I am having issues with the Invoke-InTuneReenrollment portion. That's the only part that I need for what I'm working on. What modules do I need for this part only?

O
Ondrej Sebela3y ago

Not sure what you are asking? Anyway internally Invoke-InTuneReenrollment uses function Invoke-AsSystem which is defined in Reset-HybridADJoin function.

If this is not the case, send me the screenshot with the error you are facing.

A
Andrew Johnson3y ago

I meant that when I try to run just the Invoke-MDMReenrollment ps1, it does nothing. No error message. Just nothing. Do I need any certain Powershell modules installed?

Ondrej Sebela

O
Ondrej Sebela3y ago

Andrew Johnson You have to dot source the ps1 script file and then call a function that it defines, which is Invoke-MDMReenrollment.

Intune/SCCM/MDT

Part 20 of 29

Various PowerShell functions related to Intune, SCCM, and MDT.

Up next

Fixing Hybrid Azure AD join on a device using PowerShell

Hybrid Azure AD join is a situation when a device is joined to on-prem AD and your Azure AD at the same time. Let's say your device fulfills all requirements to be able to make Hybrid AD join: device is enabled and joined to your on-prem AD device...

More from this blog

D

Do it PowerShell way :)

78 posts

With over 15 years of experience as a system administrator, I have a passion for automating workflows using PowerShell. I believe in sharing my creations with the community. Why not, right? :)