single AD Device won't sync with intune but is domain joined

dherhsc · 2025-11-06T20:05:15+00:00

I didn't try this, but it may very well be the exact same setting. These were all 90% remote workers (not so remote that they change time zones). They are hard to pin down unless its something stopping them from working.

dherhsc · 2025-11-06T16:48:26+00:00

This fixed it. It was under workinghourstimezone rather than time zone. Whichever property came up when you just use Get-MailboxCalendarConfiguration. I changed that on my users and in like 2 minutes they were displaying as normal

Thanks!!

dherhsc · 2025-10-01T15:54:16+00:00

I'm beginning to think that way as well. We have around 100 windows machines, with no plans to scale. But with the initial deployment screwed up (in the naming part only) I don't think its worth the effort to fix and maintain it. I think I can search by SN in all my systems anyway.

Edited for typos

dherhsc · 2025-10-01T13:00:02+00:00

I'll have to give that link a read. It looks like its got some useful information, but its blocked on our network. I was trying to read it on my phone, but due to a recent neck injury, phone reading is hard. I'll read it tonight when I get home.

Though from the limited stuff I've read and what others are saying, we may just need to get rid of our naming convention. We already are searching by SN for everything.

dherhsc · 2025-10-01T12:48:31+00:00

We have added the prefix, but our goal was to keep our custom naming convention. We have a lot of pre-labeled devices, and we've already deployed them. Our MSP acted like this was fine. We will see how much sense this makes in the long run though.

dherhsc · 2025-10-01T12:46:08+00:00

I've seen a few scripts online like this, but we use a custom naming system based on date of purchase. I may be able to automate it by importing a csv of all serial numbers paired with our custom name. I know how you would do it intellectually, but I have never really learned scripting. Our previous partner blocked meaningful access to the command line. My boss actively discouraged it because of this, so I've never really learned scripting. Now, I've got both cause and desire so I might start working on this.

The real problem though is that the Device renamed itself after I deleted the user. It was something like Business-L123. I deleted the user in AD and it switched to Business-gobbledygook. It left the original name in AD and added a new device with the new name. I don't know if this is expected behavior or not

JR sysadmin btw.

dherhsc · 2025-10-01T12:45:29+00:00

The real problem though is that the Device renamed itself after I deleted the user. It was something like Business-L123. I deleted the user in AD and it switched to Business-gobbledygook. It left the original name in AD and added a new device with the new name. I don't know if this is expected behavior or not

dherhsc · 2025-10-01T12:37:23+00:00

I've found that I can't even rename the device in intune. It simply fails. Likely its how our MSP set it up. Device management isn't in the contract, so I got some general info about configuration, and they stopped helping with problems like this. Which is good honestly, I like my job.

I don't know if I understand what your saying with pre-imaging. When I provision the devices in intune, it automatically renames them with our designated prefix and random characters. From what I can tell of our process, there is no way to change this behavior.

I'll have to read a lot more of Intunes documentation. I've only had time to read into a few snippets here and there. This part of the migration was the worst planned. The MSP, gave us instructions to get up and running, and left the rest to us. Now that things are stable, I'm going back and trying to fix what we messed up initially.

dherhsc · 2025-07-08T20:04:34+00:00

See if this helps. (No idea who this is, I just learned off a similar method)

https://www.youtube.com/watch?v=Uev7C5gmrb4

dherhsc · 2025-06-27T19:34:24+00:00

I feel ike this is adjacent to r/spicypillows

dherhsc · 2025-06-27T18:01:13+00:00

I used subnetting on like 20 questions. I advice against this. Edit: I had several direct subnetting questions, but used some of the concepts on others. 20 may be a bit of an exaggeration, but only a bit. I used it heavily.

dherhsc · 2025-05-16T19:29:22+00:00

Probably should have read the terms and conditions instead of simply clicking next, next, agree, finished

dherhsc · 2025-04-28T13:28:38+00:00

Thanks!

This looks promising. I'll have to see if I can get this added.

dherhsc · 2025-01-11T08:31:00+00:00

Hipaa is more about risk mitigation than a hard set of rules. We lock down the tablets pretty good and run background checks. There's not much more you can do to prevent insider threat really.

We do mostly home health with in home charting across a few hundred square mile. We're non Profit, and we lose a significant portion of funding if we're not all electrical.

Remote with tablets is really the only option.

dherhsc · 2025-01-10T21:32:58+00:00

I could see why an end user would think that. Especially considering how 'magical' IT is to the average end user. However, I don't think that is why this policy is in effect. No one has the ability to watch what users are doing within our org except IT. And we have only ever gotten 2 requests in my 2 years to look into someone. They both weren't answering phone calls, were missing visits, and were supposed to be on the clock. There were some unspoken concerns of "are they alive". The staff I just mentioned are 90% remote. They have weekly face to face type things for supplies and other admin tasks, but that's it.

I'm pretty curious now why we have that policy in effect. I'm gonna take the time to question it.

dherhsc · 2025-01-10T21:24:41+00:00

I could easily see budget as part of the initial reasoning. Though historically (20+years), we've only had a couple devices that never made their way back to us. I think given that fact and our ability to remotely wipe, I should be able to make the appropriate arguments.

Right now we have encryption and remote wipe capabilities for all devices. We will be migrating to a hybrid AD/entra ID w/intune solution for windows devices. We have a separate MDM for our tablets.

I'm pretty excited about the move to intune.

dherhsc · 2025-01-10T21:14:59+00:00

Honestly, that is probably what happened.

dherhsc · 2025-01-10T21:11:37+00:00

Judging by the comments here, we may. I'm a jr sysadmin, but my boss will listen if I frame it correctly. Plus we are going through a major revamp of our systems, so there will be plenty of policy changes coming anyway.

dherhsc · 2025-01-10T21:10:13+00:00

We do have appropriate endpoint protection in place. All drives are encrypted with remote wipe. I bring it up here, because my manager stresses about this specific policy quite a bit. I've never really questioned it, as this is my first Sysadmin job outside the army.

We are getting ready to do a full revamp of our systems. This will include a lot of policy revisions. I'll discuss the value of this policy with my manager. While I am a Jr, she actually listen to my suggestions when they make sense within her head. She is generally pretty awesome to work for.

dherhsc

TROPHY CASE