ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - Intune based deployment and provisioning delays
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Intune based deployment and provisioning delays

 Post Reply Post Reply
Author
Message
RickestRick View Drop Down
Newbie
Newbie
Avatar

Joined: 05 Jul 2022
Location: UK
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote RickestRick Quote  Post ReplyReply Direct Link To This Post Topic: Intune based deployment and provisioning delays
    Posted: 05 Jul 2022 at 10:19am
Hi there,

We are currently testing the corporate edition for a Hybrid join to AADJ migration for the remaining devices we have that are not fully AP+AADJ provisioned.

We have the User Profile Migration tool packaged and deploying via Intune at present, which is working well on initial tests.

What we are struggling with is the delay in time after the completion of the wizard process when the provisioning package carries out the actual removal and rejoin to AAD, which seems to be a significate amount of time and can require multiple reboots, which isn't ideal.

Has anyone experienced the same or found ways to improve efficiencies at all in this area or are we doing something incorrectly?

Thanks!



Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1656
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 05 Jul 2022 at 10:49am
Hi, 

User Profile Wizard will unjoin the computer from the on prem domain and then install the Provisioning Package at the end of the migration process (just before the first reboot). 

As you know, after this reboot, this is when Windows will join the computer to the domain, and why the 'Other User' option is not there immediately on first boot. 

In our tests, we see that the 'Other User' option does occur after a period of time, but we've also seen that if the computer is rebooted again (after giving it enough time to join Azure), the Other User option is there immediately on next reboot. 

Are you seeing different behaviour? 

Support.
Back to Top
RickestRick View Drop Down
Newbie
Newbie
Avatar

Joined: 05 Jul 2022
Location: UK
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote RickestRick Quote  Post ReplyReply Direct Link To This Post Posted: 05 Jul 2022 at 11:40am
Hi there,

Thanks for the quick response.

Yes so currently we land on the login screen with an option to use a local admin etc. if we log in under that account the logs verify the migration is complete but despite multiple reboots of the device the other user option doesn't appear unfortunately.

We are having to leave the devices for a period of time before running the reboots as well, since carrying them out shortly after completion isn't helping.

Are their any post migration follow-on processes we could script to alleviate this at all perhaps?

We have a global userbase who are not office based so the steps need to implement with minimal interaction ideally.

Thanks!
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1656
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 05 Jul 2022 at 12:02pm
Hi, 

If the computer is not joining AzureAD after the profile migration, it sounds like there could be a problem with the Provisioning Package; 

Does the User Profile Wizard migration log report 'Calling Provisioning Package... Done' ?

Do you know if the Provisioning Package is working? You can run the PPKG manually on a computer on its own as a test to prove that, and you may find additional information in the Event Viewer or logs;

You should be able to see entries in the Event Log to help identify what the problem is with the Provisioning Package under;
Applications and Services Logs > Microsoft > Windows > User Device Registration > Admin

If the Provisioning Package is actually failing to install, there is an additional log at C:\ProgramData\ForensiT\Logs\ProvisioningPackage.log.

Support.
Back to Top
RickestRick View Drop Down
Newbie
Newbie
Avatar

Joined: 05 Jul 2022
Location: UK
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote RickestRick Quote  Post ReplyReply Direct Link To This Post Posted: 05 Jul 2022 at 3:06pm
Hi,

Yep, so the Calling Provisioning Package... Done step completes and there are no errors logged in the ProvisioningPackage.log.

There are a few warnings in the User Device Registration in event viewer but they clear up and provisioning is occuring - it seems that the multiple reboots do eventually clear the issue.

Unfortuntely we aren't able to replicate the issue when running the package manually - no reboots are required at all, it is only when running as part of the whole process that the problem is seen.

Thanks
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1656
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2022 at 9:31am
Hi, 

Have you seen this on more than one computer? Do the event viewer entries give you any indication as to what the issue is / was?

At the end of the profile migration process, User Profile Wizard installs the Provisioning Package using the PowerShell cmdlet Install-ProvisioningPackage packagename.ppkg -ForceInstall

How did you install the Provisioning Package when you tested manually, did you use the above PowerShell cmdlet or did you add the package via Settings?

We've never seen any differences between User Profile Wizard installing the package, and it being installed manually via the PowerShell cmdlet, as it's the same process. 

Many thanks,
Back to Top
RickestRick View Drop Down
Newbie
Newbie
Avatar

Joined: 05 Jul 2022
Location: UK
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote RickestRick Quote  Post ReplyReply Direct Link To This Post Posted: 18 Jul 2022 at 11:00am
Hi,

Sorry for the delayed response!

We have actually resolved the issue now by changing some elements of the deployment and script :)

The only small problem we have now is that the machine flag file doesn't ever seem to get created when deploying via Intune, which results in the app being detected as failed etc. 

Is there anything obvious that we may be missing?

Thanks!



Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1656
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 01 Aug 2022 at 2:58pm
Hi, 

The Migration Flag file is created and checked for in the Migration PowerShell script. 
Could you have modified the script so that it is no longer created, or perhaps you aren't using the migration script at all?

If you are still having a problem, please contact us at support@forensit.com. 

Support.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.047 seconds.