Microsoft Entra Hybrid Join – Devices Stuck in "Pending" Status

Question

Hello Team,

We are facing an issue with our on-premises Active Directory (AD) integrated with Active Directory Federation Services (AD FS). We have correctly configured Microsoft Entra hybrid join using Microsoft Entra Connect, following the official documentation.

However, we have observed that all our devices are showing up in Microsoft Entra devices with a status of "Pending", and this status remains unchanged indefinitely. To troubleshoot, we have already tried running the following command: dsregcmd /leave. After rebooting the PCs, the issue persists.

Running the below command, results in the following output:

C:\Users\abc> dsregcmd /debug /join

DsrCLI: logging initialized.

DsrCLI: logging initialized.

DsrCmdJoinHelper::Join: ClientRequestId: e58946ab-b851-1759-3658-69824b6857fDsrCmdAccountMgr::IsDomainControllerAvailable: DsGetDcName success { domain:contoso.local forest:contoso.local domainController:\dc1.contoso.local isDcAvailable:true }

PreJoinChecks Complete.

preCheckResult: Join

deviceKeysHealthy: undefined

isJoined: undefined

isDcAvailable: YES

isSystem: YES

keyProvider: undefined

keyContainer: undefined

dsrInstance: undefined

elapsedSeconds: 1

resultCode: 0x0

Automatic device join pre-check tasks completed.

TenantInfo::Discover: Call to DsrBeginDiscover failed before wait. 0x80070057

DsrCmdJoinHelper::Join: TenantInfo::Discover failed with error code 0x80070057.

DSREGCMD_END_STATUS

AzureAdJoined : NO

EnterpriseJoined : NO

We also ran the DSRegTool PowerShell script but did not encounter any significant errors.

Given the error code 0x80070057 and the devices not registering with Azure AD, we suspect there could be an issue either with the tenant discovery process or with certain configuration steps that might have been overlooked.

Has anyone encountered this error before or have any insights into further troubleshooting steps to resolve this issue?

Any guidance would be greatly appreciated.

Thanks

Answer 1

Hi @Kalpesh Chudasama

Thank you for reaching Microsoft Q&A!

I understand that your Microsoft Entra Hybrid Join – Devices Stuck in "Pending" Status" this problem can be caused by several factors.

1. The device object is moved to another organizational unit (OU) that isn't in the sync scope in Microsoft Entra Connect Sync.
2. Microsoft Entra Connect Sync recognizes this change as the device object being deleted in the on-premises Active Directory. Therefore, it deletes the device in Microsoft Entra ID.
3. The device object was moved back to the OU in the sync scope.
4. Microsoft Entra Connect Sync creates a pending device object for this device in Microsoft Entra ID.
5. The device fails to complete the device registration process because it was registered previously.

To fix the problem, unregister the device by running dsregcmd /leave at an elevated command prompt, and restart the device. The device will reinitiate the device registration process through the scheduled task. For Windows 10-based devices, the scheduled task is under Task Scheduler Library > Microsoft > Windows > Workplace Join > Automatic-Device-Join Task.

Reference: https://learn.microsoft.com/en-us/answers/questions/1161747/hybrid-azure-ad-joined-device-registration-pending
Hope this helps. Do let us know if you any further queries by responding in the comments section.

Thanks,

Akhilesh.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.