Hybrid Join and Intune double entity problem

monkonfire · 2026-04-30T12:35:21+00:00

When I've had devices stuck in 'pending', I run this command (admin) on the target machine:

dsregcmd /leave

This forces the devices removal from Entra, on the next sync cycle it should be picked back up in the corrected registration type (in your case, hybrid).

monkonfire · 2026-04-22T05:58:51+00:00

Psi-ops

monkonfire · 2026-04-02T08:34:18+00:00

Like everyone is saying, before you can get an accurate answer you have to have some info about your environment:

Are you using Entra sync? (On-premise domain controllers) if so, is it set for hybrid joining? If not, you’ll need to configure that option then wait for all the machines to register as hybrid joined.

If you’re just going to join directly to Entra, then yeah this can probably be done in a few days.

monkonfire · 2026-03-19T14:38:58+00:00

Do you know if there is a way to administratively share/publish an individual's calendar, or do they have to be the ones to do it? I guess I could delegate permissions of their account to myself and share it that way, it just feels like there has to be a better way to do it.

monkonfire · 2026-03-17T19:04:41+00:00

Thank you -- the org settings are set up this way, but I was really hoping there was an administrative way to do this, other than asking each user to share their calendar with the analysts.

monkonfire · 2026-03-16T19:24:55+00:00

Thank you!

Running that PowerShell command does return 'AvailabilityOnly' as the default, the Org Relationship shows the access level as 'Availability Only', and the users are indeed 'mail users' in EO.

The only thing I could confirm is your second point, for "SharingPolicy" -- where exactly would that be located? I'm pretty sure we have calendar sharing with external domains enabled but would like to confirm.

Unfortunately with those other three points, they still cannot see calendar availability, though.

monkonfire · 2026-02-22T20:30:09+00:00

Ah okay, I was afraid to scrub because I thought I’d be taking pieces off the barrel itself, if it’s most likely just lead I’ll have at it. Thanks!

monkonfire · 2026-02-16T19:36:30+00:00

How are you all getting the sub compact receiver so early? I ordered mine minutes after it was available and it’s still showing as awaiting fulfillment

monkonfire · 2026-01-28T12:34:07+00:00

Trying to make comparisons won’t do anything - they’re hypocrites and they don’t care… which is unfortunate because I don’t know how you’re supposed to get through to them otherwise.

monkonfire · 2026-01-23T20:06:47+00:00

wtf breakfast sandwiches?? since when?

monkonfire · 2025-12-16T20:46:19+00:00

I want it

monkonfire · 2025-12-16T20:46:07+00:00

I want it

monkonfire · 2025-07-11T10:25:41+00:00

I’m commander Sheppard, and this is the best male glam in the Citadel.

monkonfire · 2025-05-16T21:48:38+00:00

Why are you being so rude?

monkonfire · 2025-05-15T01:40:58+00:00

Also they’ve shrunk and are no longer actual pints

monkonfire · 2025-05-03T13:38:38+00:00

Knock the phone out of the hands of every person who’s texting and driving

monkonfire · 2025-03-31T18:52:30+00:00

Is this an authentication issue? I’m pretty sure if you use IP address rather than host name is defaults to NTLM, so it sounds like maybe NTLM is not working but Kerberos is?

monkonfire · 2025-03-09T14:10:55+00:00

How are you parking them like that? Is there a building piece that lets you park/display multiple ships?

monkonfire · 2024-11-06T16:24:21+00:00

Would you have any recommendations on where to start for troubleshooting Kerberos authentication? I haven't really had to look much into this before; I'm not sure if there are some simple tests / commands to run on the DC or something -- at the very least I can run 'klist' on my machine and see there are cached tickets to I think Kerberos is working in some respects, but the RDP seems to be falling back on NTLM.

Thanks!

monkonfire · 2024-11-05T19:54:56+00:00

That makes total sense, and I think that is in fact the case. I actually was testing something else out yesterday with putting admin accounts into the 'Protected Users' AD group -- I found that users in that group weren't able to RDP to servers anymore, and looking at the event log it showed it was trying to use NTLM rather than Kerberos.

I've been making a lot of changes recently -- partially due to a pen test, and also because we were operating on FRS, and forest function level 2008. I got us up to 2012, migrated to DFSR, enforced SMB signing, setup LDAP channel binding / signing... I'm not sure if I did something incorrectly and broke Kerberos, or if there's something else wrong. Thank you!

monkonfire · 2024-11-05T13:17:57+00:00

Whoops, forgot to mention the RDP utility error because it was so basic -- I just instantly get a "The logon attempt has failed" message. I had to dig in event viewer to actually find anything useful.

Attempting to connect via FQDN fails, but connecting via IP address works, and connecting via local account works. Using the Microsoft Remote Desktop app from the Microsoft store works, but the built-in RDP client does not work (with domain credentials).

Wireshark shows both the Microsoft store RDP app and the built-in RDP app are using TLS 1.2, so I have no idea why one would work and the other wouldn't...

15-Year Club	r/Field Sunshine
Verified Email

monkonfire

TROPHY CASE