No AzureAD account created

hdrew | Posted: 08 Jun 2022 at 5:00pm
Hi all,

Currently testing my first migration from a local user account to an AzureAD account using ProfWiz.

When running through the migration wizard, all steps seem to go through smoothly. I've used the Save-AzureADUser.ps1 PowerShell script to retrieve the details of the AzureAD users, as well as cutting this down to one AD account I wish to try this on. I have also enrolled the device in Azure MDM before running through the migration wizard.

After the machine has restarted, I can still see the original local user appearing, with no other accounts available to be signed in with. I can see within "C:\Users" there is a new account created; however, this is not an AzureAD account but rather the original local user, now with the hostname attached.

For example original local user "Test" can still be logged into and there is now a new user within the user folders of "Test.DESKTOP-NKER309".

Am I doing something wrong?

Cheers
Harrison

Logs
"ForensiT User Profile Wizard 24.0
Freeware Edition
Copyright (c) 2002-2021 ForensiT Ltd

Target device: DESKTOP-NKER309
OS build 10.0.19044.1288. Version 2009.
Domain: Joined to workgroup.
Processing UWP Apps... Done.
Setting Registry ACLs... Done.
Set Registry ACLs in 1.44 seconds.
Closing Apps... Done.
Setting Profile ACL... Done.
Set Profile ACL in 4.246 seconds.
Creating Profile registry keys... Done.
Adding new account to local groups... Done.
Setting HarrisonDrew as default logon... Done.
Migration Complete!"

Support (Moderator Group) | Posted: 08 Jun 2022 at 5:39pm
Hi, 

Have you joined the computer to Azure? Do you have the 'Other User' option on the logon screen? What is the status if you run dsregcmd /status?

As you are using the Freeware Edition, you need to join the computer to Azure yourself. This process can be automated using the Professional or Corporate Edition of User Profile Wizard by installing a Provisioning Package.

The freeware edition of User Profile Wizard does not have the option to rename profile folders to match the new usernames; the Professional and Corporate Editions do have this option. There is a feature comparison here.

Many thanks,

Support.

hdrew | Posted: 09 Jun 2022 at 9:39am
Hi,

I have joined the machine to Azure MDM before running the migration wizard; however, after running the migration I can't see the account being linked within Settings - Accounts - Access work or school. I can see settings being controlled by the MDM, though, within the updates settings.

When on the lock screen there are no other accounts or option to sign in with another account; I can only see the original local user created.

"C:\Users\Test.DESKTOP-NKER309.000>dsregcmd /status
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : DESKTOP-NKER309
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : NO
             WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
       AzureAdPrtAuthority : NO
             EnterprisePrt : NO
    EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| IE Proxy Config for Current User                                     |
+----------------------------------------------------------------------+
      Auto Detect Settings : YES
    Auto-Configuration URL :
         Proxy Server List :
         Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config                                         |
+----------------------------------------------------------------------+
               Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+
            IsDeviceJoined : NO
             IsUserAzureAD : NO
             PolicyEnabled : NO
          PostLogonEnabled : YES
            DeviceEligible : YES
        SessionIsNotRemote : YES
            CertEnrollment : none
              PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors"

From running dsregcmd /status it seems as if the machine has been unenrolled in the MDM; however, I can still see that settings are being managed by the MDM.

When I try to re-enrol the device in MDM, when selecting add work account no prompt appears to be able to log in to a work account. The screen flickers once as if it's going to open a prompt but nothing appears.

Cheers
Harrison

Support (Moderator Group) | Posted: 09 Jun 2022 at 10:14am
Hi, 

The issue is that the computer is not joined to AzureAD; this is why you cannot log on to the new Azure account and access the migrated profile.

Can you join it via Settings > Accounts > Access work or school > Connect?

As you are using the Freeware Edition, you need to join the computer to Azure yourself. This process can be automated using the Professional or Corporate Edition of User Profile Wizard by installing a Provisioning Package.

I hope this helps,

Many thanks,

Support.

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO

hdrew | Posted: 09 Jun 2022 at 11:29am
Hi,

So I have restarted the machine again, which has now allowed me to connect the work account via settings; however, when running dsregcmd /status the device still seems to not be enrolled.

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : DESKTOP-NKER309
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : YES
                  NgcKeyId : {9C239CC8-CA54-4543-87E8-2D431F173332}
                  CanReset : NO
           WorkplaceJoined : YES
          WorkAccountCount : 1
             WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
       AzureAdPrtAuthority : NO
             EnterprisePrt : NO
    EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+
         WorkplaceDeviceId : 9cb28a24-06c8-4f69-ba86-8b44e69f06d4
       WorkplaceThumbprint : C24D3C462B2D32E3923485491B2A5581D8F7DD62
 DeviceCertificateValidity : [ 2022-06-09 09:04:10.000 UTC -- 2032-06-09 09:34:10.000 UTC ]
            KeyContainerId : 1e44a43b-8656-4901-af8e-a4dafd896c9b
               KeyProvider : Microsoft Platform Crypto Provider
              TpmProtected : YES
              WorkplaceIdp : login.windows.net
         WorkplaceTenantId : ce6c2103-e516-4773-9412-8c2526d1ad9c
       WorkplaceTenantName : ************
      WorkplaceSettingsUrl : eyJVcmlzIjpbImh0dHBzOi8va2FpbGFuaTYub25lLm1pY3Jvc29mdC5jb20vIiwiaHR0cHM6Ly9rYWlsYW5pNy5vbmUubWljcm9zb2Z0LmNvbS8iXX0=
                    NgcSet : YES
                  NgcKeyId : 9c239cc8-ca54-4543-87e8-2d431f173332
                NgcKeyName : S-1-5-21-3223165885-359904972-1560689218-1001/0392b05d-d4ca-4019-96a1-1ee206917779/login.windows.net/ce6c2103-e516-4773-9412-8c2526d1ad9c/test@domain.com
+----------------------------------------------------------------------+
| IE Proxy Config for Current User                                     |
+----------------------------------------------------------------------+
      Auto Detect Settings : YES
    Auto-Configuration URL :
         Proxy Server List :
         Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config                                         |
+----------------------------------------------------------------------+
               Access Type : DIRECT
For more information, please visit https://www.microsoft.com/aadjerrors

A work account is now appearing but it is still not displaying as being connected to Azure?

I can also see that the OOBE service is running on the machine, so I was assuming that this is part of the migration process?

However, after doing another restart I still can't seem to find another profile being created.

I have also attempted, from Settings - Accounts - Work or school - Connect, to enrol the device in Azure. Using the section to enrol, I am getting the error Device already enrolled (error code 8018000a).

I can possibly try reimaging the machine and retry from step 1, but I'm confused as to why the device appears to be enrolled; however, the status doesn't show it as enrolled.

Cheers
Harrison

Support (Moderator Group) | Posted: 09 Jun 2022 at 11:46am
Hi, 

User Profile Wizard configures the users’ profiles so that they work seamlessly with the users’ new accounts. The software does not move, copy or delete any data. Instead it configures the existing profile “in place” so that it can be used by the user’s new account. Please note that the Free Edition does not rename the profile folder, so you will still see the original profile folder under c:\users\.

If the computer has not joined AzureAD, you will not be able to log on with the Azure account yet. I would suggest that you continue to troubleshoot the AzureAD join issue; once the computer has joined Azure, you will be able to log on with the new account and access the migrated profile.

Many thanks,

Support.
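
The distinction the thread turns on (a work account present, yet AzureAdJoined : NO) can be read mechanically from dsregcmd /status output. The following is an added example, not part of the original thread and not ForensiT code; it classifies the join state using Microsoft's documented meaning of the AzureAdJoined, DomainJoined and WorkplaceJoined fields. The function names, the AzureAdSignInAtLogon property and the sample text are assumptions made for illustration.

```powershell
# Added example: classify join state from `dsregcmd /status` text.
# ConvertFrom-DsregStatus and Get-DeviceJoinState are hypothetical names.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $sections = @{}
    $current  = 'Preamble'
    foreach ($line in $Lines) {
        if ($line -match '^\|\s*(.+?)\s*\|\s*$') {
            $current = $Matches[1]          # banner such as "| Device State |"
        }
        elseif ($line -match '^\s*(\S.*?)\s+:\s*(.*?)\s*$') {
            # Keys repeat across sections (NgcSet), so store them per section.
            if (-not $sections.ContainsKey($current)) { $sections[$current] = @{} }
            $sections[$current][$Matches[1]] = $Matches[2]
        }
    }
    $sections
}

function Get-DeviceJoinState {
    param([string[]]$Lines)
    $s    = ConvertFrom-DsregStatus -Lines $Lines
    $dev  = if ($s.ContainsKey('Device State')) { $s['Device State'] } else { @{} }
    $user = if ($s.ContainsKey('User State'))   { $s['User State'] }   else { @{} }
    $aad  = $dev['AzureAdJoined']    -eq 'YES'
    $dom  = $dev['DomainJoined']     -eq 'YES'
    $reg  = $user['WorkplaceJoined'] -eq 'YES'
    $state = if     ($aad -and $dom) { 'Hybrid Azure AD joined' }
             elseif ($aad)           { 'Azure AD joined' }
             elseif ($dom)           { 'On-premises domain joined' }
             elseif ($reg)           { 'Azure AD registered (work account only)' }
             else                    { 'Not joined' }
    [pscustomobject]@{
        State                = $state
        AzureAdSignInAtLogon = $aad   # logging on as the Azure AD user needs the join
    }
}

# Constructed sample, shaped like the thread's second capture (trimmed).
$sample = @'
| Device State                                                         |
             AzureAdJoined : NO
              DomainJoined : NO
| User State                                                           |
                    NgcSet : YES
           WorkplaceJoined : YES
| Work Account 1                                                       |
                    NgcSet : YES
'@ -split '\r?\n'

Get-DeviceJoinState -Lines $sample
```

On a live machine the same function takes the command's output directly: Get-DeviceJoinState -Lines (dsregcmd /status).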
