Hybrid Azure AD join is a situation when a device is joined to on-prem AD and your Azure AD at the same time.
Let's say your device fulfills all requirements to be able to make Hybrid AD join:
<ul>
<li>device is enabled and joined to your on-prem AD</li>
<li>device has generated a certificate and stored it in the UserCertificate AD attribute</li>
<li>device is synchronized to your Azure AD (via the AD Connect tool)</li>
</ul>
But the result is device record in Azure with pending state i.e. Hybrid join wasn't finished from the client side.
On the client, Hybrid join is automatically invoked via scheduled task 'Automatic-Device-Join' 
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1634145091282/NPAY9FlJ_.png" alt="image.png" />
I was facing the situation when this scheduled task run but ended with an error, so I came up with a simple PowerShell function <a target="_blank" href="https://github.com/ztrhgf/useful_powershell_functions/blob/master/INTUNE/Reset-HybridADJoin.ps1">Reset-HybridADJoin</a> that will basically reset Hybrid join status on the computer.
Function will:
<ul>
<li>un-join computer from AzureAD (using dsregcmd.exe)</li>
<li>remove leftover certificates</li>
<li>invoke rejoin (using sched. task 'Automatic-Device-Join')</li>
<li>inform user about the result</li>
</ul>
<hr />
Maybe it will help somebody...

Hybrid Azure AD join is a situation when a device is joined to on-prem AD and your Azure AD at the same time.

Let's say your device fulfills all requirements to be able to make Hybrid AD join:
- device is **enabled ** and **joined ** to your on-prem AD
- device has generated a certificate and stored it in the **UserCertificate ** AD attribute
- device is **synchronized ** to your Azure AD (via the AD Connect tool)

But the result is device record in Azure with **pending** state i.e. Hybrid join wasn't finished from the client side.

On the client, Hybrid join is automatically invoked via scheduled task 'Automatic-Device-Join' 
![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1634145091282/NPAY9FlJ_.png)

I was facing the situation when this scheduled task run but ended with an error, so I came up with a simple PowerShell function [Reset-HybridADJoin](https://github.com/ztrhgf/useful_powershell_functions/blob/master/INTUNE/Reset-HybridADJoin.ps1) that will basically reset Hybrid join status on the computer.

Function will:
- un-join computer from AzureAD (using dsregcmd.exe)
- remove leftover certificates
- invoke rejoin (using sched. task 'Automatic-Device-Join')
- inform user about the result

---

Maybe it will help somebody...


Fixing Hybrid Azure AD join on a device using PowerShell

With over 15 years of experience as a system administrator, I have a passion for automating workflows using PowerShell. I believe in sharing my creations with the community. Why not, right? :)
