## This script checks for devices registered to AzureAD and removes them so you can successfully perform an AzureAD join.
# It must be run from an elevated (Administrator) PowerShell session: it deletes keys under HKLM and removes scheduled tasks.
# We recommend you back up your registry prior to running. We take no responsibility for the use of this script.
# Source = https://www.inspiredtechs.com.au/fix-for-azure-ad-join-error-code-8018000a-this-device-is-already-enrolled
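#Requires -RunAsAdministrator
# Every step below writes to HKLM or the Task Scheduler root, so an unelevated run would fail
# part-way through with access-denied errors; refuse to start at all instead.

# Enrollment entries are GUID-named subkeys under ...\EnterpriseResourceManager\Tracked.
# The variable is called "sid" to match the original script and its prompts, but the value is an
# enrollment GUID, not a security identifier. The length filter (> 25 chars) keeps the 36-char
# GUID-named keys and drops any shorter housekeeping subkeys.
$trackedPath = 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked'
$sids = Get-ChildItem $trackedPath -Name | Where-Object { $_.Length -gt 25 }

foreach ($sid in $sids) {
    Write-Host "Found a registered device. Would you like to remove the device registration settings for SID: $($sid)?" -ForegroundColor Yellow
    $answer = Read-Host " ( y / n ) "

    # switch is case-insensitive by default, so 'y'/'Y' and 'n'/'N' both match.
    # Anything else is treated as "no": a typo must never trigger a deletion.
    switch ($answer) {
        'Y'     { Write-Host "Yes, Remove registered device"; $removeDevice = $true }
        'N'     { Write-Host "No, do not remove device registration"; $removeDevice = $false }
        default { Write-Host "Default, Do not remove device registration"; $removeDevice = $false }
    }

    if (-not $removeDevice) {
        Write-Host "Removal has been cancelled for $($sid)"
        continue
    }

    $enrollmentPath  = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($sid)"
    $entResourcePath = "$trackedPath\$($sid)"

    ## Remove device from enrollments in registry.
    # The Tracked entry is only removed together with a matching Enrollments key, as in the
    # original script; an orphaned Tracked entry is reported and left alone.
    if (Test-Path $enrollmentPath) {
        # Safety net for the irreversible deletions below: export the enrollment key to a
        # timestamped .reg file first so it can be restored with `reg import` if needed.
        # Best-effort: a failed export is reported but does not block the cleanup.
        $stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
        $backupFile = Join-Path $env:TEMP "enrollment-$($sid)-$stamp.reg"
        & reg.exe export "HKLM\SOFTWARE\Microsoft\Enrollments\$($sid)" $backupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Registry backup of $($sid) failed (reg.exe exit code $LASTEXITCODE); continuing without a backup."
        } else {
            Write-Host "Backed up enrollment key to $backupFile"
        }

        Write-Host "$($sid) exists and will be removed"
        Remove-Item -Path $enrollmentPath -Recurse -Confirm:$false
        Remove-Item -Path $entResourcePath -Recurse -Confirm:$false
    } else {
        Write-Host "The value does not exist, skipping"
    }

    ## Cleanup scheduled tasks related to device enrollment and the folder for this SID.
    # -ErrorAction SilentlyContinue: a task path that no longer exists is not a failure here.
    Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\$($sid)\*" -ErrorAction SilentlyContinue |
        Unregister-ScheduledTask -Confirm:$false

    # DeleteFolder is a COM method call, so its failure is a terminating error; the original
    # script would abort the whole loop here (leaving later enrollments untouched) if the folder
    # was already gone or still held tasks. Report it and move on to the next enrollment instead.
    $scheduler = New-Object -ComObject Schedule.Service
    $scheduler.Connect()
    try {
        $scheduler.GetFolder('\Microsoft\Windows\EnterpriseMgmt').DeleteFolder($sid, $null)
    } catch {
        Write-Warning "Could not delete the scheduled-task folder for $($sid): $($_.Exception.Message)"
    }

    Write-Host "Device registration cleaned up for $($sid). If there is more than 1 device registration, we will continue to the next one."
    pause
}

Write-Host "Cleanup of device registration has been completed. Ensure you delete the device registration in AzureAD and you can now join your device."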