Let’s discuss Troubleshoot and Fix Issue in Duplicate Device Records in Entra ID During Autopilot Hybrid Join. Some of the users face issues while deploying Windows Laptops with Autopilot and are Hybrid AD joined. This issue is affecting the deployed devices.
There are many issues that occur on Windows Autopilot devices. Most of the issues happen due to mistakes from the Admin side, Network Issues, etc. In this case, the Duplicate Device Records issue occurred which is confirmed by Microsoft.
As you know, in old sore, devices are created twice as the device is first Entra AD joined, after which the device is joined as a Hybrid AD joined device (configuration profile), and thus creating two devices which represent one physical device.
Microsoft Support confirmed the above mentioned old soar and does not seem to be a solution. In this case, the same issue is occurred. In this blog post, I would like to share the reasons and recommended actions of this issue.
Table of Contents
Troubleshoot and Fix Issue in Duplicate Device Records in Entra ID During Autopilot Hybrid Join
As mentioned, the issue is occurred due to old sore which makes issue in Windows Autopatch Deployment. Hybrid AD joined device shows that it is not managed by an MDM, while the Entra-ID joined device shows managed by Intune.
| Old Sore Details |
|---|
| An Entra-ID joined device that becomes stale over time, as the device stats are no longer updated. And thus becomes Uncompliant. |
| An Entra-ID Hybrid joined device which is managed by Intune, and updated so wherefore the device is compliant. |
- How to Resolve Error 0x80070017 on Autopilot Device Setup in Intune
- Beginners Guide Setup Windows Autopilot Deployment
- Free Entra Training Videos | Start Learning Entra ID Azure AD
After Effects of the Issue
Due to this issue, correct device is no longer updated by Intune. Also when looking the device ownership it can be can seen that the wrong device states company owned, while the Hybrid AD joined device shows none. Policy Targeting and reporting will be affected.
Workaround
This issue has no final resolution. the issue is well known by Microsoft and they still confirm that in a hybrid environment you should only have one hybrid artifact in Entra per device after the initial sync.
Some of the Admins suggest workaround which can be used to resolve your issue. But it is not final resolution. The valuable suggestions are provided by Mr.
Bogdan_Guinea, rpcpancil and TherealKillerbe.
Manual Cleanup
Mr. rpcpancil suggested that Manual cleanup is the best solution. Delete stale Entra ID devices after verifying the correct one is active.
Reset Device Registration with Command
Mr. Bogdan_Guinea suggested that, Login in to the device and open cmd in administrator mode. Then you need to run the command DSREGCMD /leave. Checking the status (DSREGCMD /Status) before the leave shows that the device is Hybrid Ad joined. After the leave, the status shows that the device is not Entra-ID joined. Then you need to reboot the device.
Once the device is rebooted you again check the status and see that although you performed a leave, the device is still Hybrid AD joined. At this moment, the Entra-ID device is updated in which the Hybrid Entra-ID device ownership is registered to company.
- In Intune device is still not updated and remains stale.
- Then run the DSREGCMD /Join command again in administrator mode.
- Then the Intune device will be registered correctly.
- A reboot is required in each step, and thus also after performing the Join.
- No objects were deleted from Entra-ID during the procedure.
- So even after the process, your objects for the device remain.
- Remove the obsolete device this time, after verifying that the correct device is registered in Intune.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.