Solve Workplace Join un-enrollment problems

Q. I have enabled Workplace Join in my environment; however, after a period of time devices become un-enrolled. Why, and how can I stop this?

A. When device registration is enabled with ADFS, devices can be registered with Active Directory. However, after 90 days (by default), devices that have not connected are cleaned up and removed from AD. You can see this setting by running the Get-AdfsDeviceRegistration cmdlet and checking the MaximumInactiveDays value, as shown.

PS C:\> Get-AdfsDeviceRegistration

DrsObjectDN : CN=DeviceRegistrationService,CN=Device Registration Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=savilltech,DC=net
DevicesPerUser : 10
MaximumInactiveDays : 90
IsEnabledOnPremises : True
IsEnabledInCloud : False
DeviceObjectLocation : CN=RegisteredDevices,DC=savilltech,DC=net

To disable the cleanup, set the MaximumInactiveDays value to 0, for example:

Set-AdfsDeviceRegistration -MaximumInactiveDays 0
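
With cleanup disabled, inactive device objects stay in AD until someone removes them, so the following added example (not part of the original answer) reports how long each registered device has been inactive. It assumes the device objects are of class msDS-Device and record activity in the msDS-ApproximateLastLogonTimeStamp attribute, and it falls back to the 90-day default as the reporting cutoff when MaximumInactiveDays is 0.

```powershell
# Added example: report registered devices by inactivity.
# Run on an AD FS server where the ADFS and ActiveDirectory modules are available.
Import-Module ADFS, ActiveDirectory

$drs       = Get-AdfsDeviceRegistration
$threshold = $drs.MaximumInactiveDays        # 0 means cleanup is disabled

# Assumption: when cleanup is disabled, report against the 90-day default instead.
$reportDays = if ($threshold -gt 0) { $threshold } else { 90 }
$nowUtc     = (Get-Date).ToUniversalTime()
$cutoffUtc  = $nowUtc.AddDays(-$reportDays)

# Assumption: device objects are msDS-Device and carry their last activity in
# msDS-ApproximateLastLogonTimeStamp (a FILETIME value).
$devices = Get-ADObject -SearchBase $drs.DeviceObjectLocation `
    -LDAPFilter '(objectClass=msDS-Device)' `
    -Properties displayName, 'msDS-ApproximateLastLogonTimeStamp', whenCreated

$devices | ForEach-Object {
    $stamp = $_.'msDS-ApproximateLastLogonTimeStamp'

    # A device that never authenticated has no timestamp; use its creation time.
    $lastSeenUtc = if ($stamp) {
        [DateTime]::FromFileTimeUtc($stamp)
    } else {
        $_.whenCreated.ToUniversalTime()
    }

    [pscustomobject]@{
        Device       = $_.displayName
        LastSeenUtc  = $lastSeenUtc
        InactiveDays = [int]($nowUtc - $lastSeenUtc).TotalDays
        PastCutoff   = $lastSeenUtc -lt $cutoffUtc
    }
} | Sort-Object InactiveDays -Descending | Format-Table -AutoSize
```

The script only reads from AD FS and Active Directory; devices flagged PastCutoff are candidates for manual review.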
