This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 7.000000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hey everyone,
We have been going through the process of enrolling our existing Windows domain joined machines to Intune MDM, we had about 180 users and most of them have been enrolled fine. These are all Hybrid AAD Joined machines.
A quick summary of procedure we followed:
We have had most success when we have followed the above method.
But we have one machine which is failing at the second point where it is not getting the MDM url. I have checked and made sure that the user who is logged into the machine has an Intune license. I understand this usually takes time, but for this user it has been more than two weeks. The machine is joined to Azure AD successfully, it has an hybrid Azure AD record with a registered date and an activity date. This is the first user among 150+ users we have enrolled who is having this issue.
I have noticed with previous enrolments that without MDM url, the machine won't automatically enroll into intune even if the intune automatic enrollment GPO is applied on the machine.
What we have done for troubleshooting:
This process didn't help, it has been 5 days since we did this troubleshooting steps.
Any help would be appreciated.
Off-hand, I have no idea what that means, but it sounds like the device does not have connectivity to the domain at the time it is attempting to complete the HAAD join (which happens when a user logs into the device).
Just an update, the issue was for some reason the password was not synced between AD and O365/Azure for this user. Hence the user was not getting the mdm url.
Got to know this when user somehow mentioned that they had to type their older credentials for Outlook on machine. So had the user reset their password made sure this time the sync was fine and after about 15 min, the machine has the MDM url and machine enrolls into Intune successfully. Though before this process we had the process of unjoin the machine completely from HAAD and AD, then rejoin it.
Thank you for the follow-up. A user not authenticating properly to AAD will certainly prevent them from getting a PRT and thus getting anything from AAD or an AAD authenticate service is not possible and this makes sense why it would fail. I have no idea why their password sync would fail but hopefully it is/was a one-off issue for your environment.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 4%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Also having this issue and the "fix" which works 100% of the time is to deploy the MDMURL and other URLs missing from the dsregcmd /status command via GPO.
After joining a device to the domain and rebooting, then running gpupdate, the MDM enrollment scheduled task appears in task scheduler and successfully runs every time.