
How to resolve pending registration on AAD


Pending machines are machines that have been synchronized to Azure AD but have not completed their registration with the Azure AD Device Registration Service. A registration left pending on AAD can have several causes:

  • The machine has been down for a long time and the Azure AD device registration certificate has expired.
  • Someone manually deleted the device’s registration certificate.
  • Someone manually deleted the machine object in the Azure AD portal.
  • The machine is registered in another Azure AD tenant.

This kind of case is easy to deal with: simply re-register the machine manually.

Resolve pending registration on AAD manually

1. Unregister the machine from Azure AD

On the machine to be unregistered, open a command prompt as administrator and type the following command:

Dsregcmd /leave

Make sure that the certificates issued by “MS-Organization-Access” and “MS-Organization-P2P-Access [20xx]” have been deleted from the local machine’s Personal certificate store.

Then check that the machine has actually left Azure AD by typing the command dsregcmd /status.

2. Re-register the machine via Hybrid Azure AD join

On the target machine, start the Task Scheduler as an administrator. Go to Task Scheduler Library > Microsoft > Windows > Workplace Join. Manually start the “Automatic-Device-Join” task.

In the certificate store mentioned above, check that the certificates issued by “MS-Organization-Access” and “MS-Organization-P2P-Access [20xx]” are present again.

Then run dsregcmd /status again from a command prompt and check that AzureAdJoined reports YES.
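The two checks above (AzureAdJoined in dsregcmd /status and the presence and validity of the device registration certificates) can be scripted so the outcome of steps 1 and 2 is verified in one go. This is an added example, not code from the original post; it assumes dsregcmd.exe is on the PATH and that the script runs in an elevated PowerShell session on the target machine.

```powershell
# Added example: verify the result of "dsregcmd /leave" + "Automatic-Device-Join".
# Assumptions: dsregcmd.exe is on PATH and this runs as administrator.

function Get-DsregStatus {
    # Turn the "Key : Value" lines of "dsregcmd /status" into a hashtable
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Get-DeviceRegistrationCerts {
    # Certificates in the local machine Personal store issued by the
    # device registration CAs named in the steps above
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -match 'MS-Organization-(P2P-)?Access' } |
        Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint
}

$status = Get-DsregStatus
$certs  = @(Get-DeviceRegistrationCerts)
$now    = Get-Date

# Expired registration certificate is the first cause listed in the post
$expired = $certs | Where-Object { $_.NotAfter -lt $now }

"AzureAdJoined : $($status['AzureAdJoined'])"
"DomainJoined  : $($status['DomainJoined'])"
"Registration certificates found: $($certs.Count)"
$certs | Format-Table Issuer, NotAfter, Thumbprint -AutoSize

if ($status['AzureAdJoined'] -eq 'YES' -and $certs.Count -gt 0 -and -not $expired) {
    "Result: hybrid Azure AD join looks healthy."
} elseif ($status['AzureAdJoined'] -ne 'YES' -and $certs.Count -eq 0) {
    "Result: machine has left Azure AD (state expected after step 1)."
} else {
    "Result: inconsistent state (joined flag vs. certificates); repeat steps 1 and 2."
}
```

Run it once after step 1 (expect the "left Azure AD" result) and once after step 2 (expect "healthy").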

How to find all pending machines?

You can list all machines in pending status with a PowerShell command, which makes them easier to process. The command below exports the machines to a CSV file.

Get all pending devices and save the returned data in a CSV file:
Get-AzureADDevice -All $true | Where-Object { ($_.DeviceTrustType -eq "ServerAd") -and ($_.ProfileType -ne "RegisteredDevice") -and (-not $_.AlternativeSecurityIds) } | Select-Object -Property AccountEnabled, ObjectId, DeviceId, DisplayName, DeviceOSType, DeviceOSVersion, DeviceTrustType | Export-Csv pendingdevicelist-summary.csv -NoTypeInformation

Pending registration on AAD: Conclusion

There are many reasons for pending registration problems on AAD. Most of the time you will find that they are machines that have not been connected for a while. Consider doing a first pass to filter out these machines; you will then have a better idea of how many machines actually need to be processed. This registration problem nevertheless remains marginal, and you should not find many pending machines.
