Discovery credentials for Windows Autopilot workstations Azure AD joined

02-13-2023 05:51 PM
We have Windows Autopilot workstations joined to Azure AD only. These devices have NO network line of sight to our on-premises domain controllers so it is not possible to use a domain service account for credentials. We set up a service account in Azure AD for the purposes of performing Discovery. However, the credentials are failing regardless of the format we use. Is it possible to set up credentials using an Azure AD service account to run Discovery on Azure AD joined workstations? If yes, what is the format? If not, is our only alternative to use a local admin user account?

02-16-2023 07:08 PM
I am confused.
ServiceNow can do SSO with Azure AD, correct?
So I am wondering why an Azure AD admin user cannot be used for IP-based Discovery. Conceptually, I am unable to digest this.
Regards
RP

02-16-2023 07:56 PM
In our case, SSO works with an on-premises Active Directory domain. Active Directory Domain Services directory synchronizes with Azure AD to enable it to authenticate on-premises users for Office 365.
The Windows Autopilot workstations are not joined to the local (on-premises) domain.
They are Azure AD joined and managed in Microsoft Intune - Endpoint Management.
The MID Servers are joined to the local domain.
Does this information help clarify?
04-11-2024 01:20 PM
Does anyone have an answer here? We are running into the same issue, where we can't use local admin credentials to discover Azure AD joined computers. We keep running into access denied.
09-18-2024 12:17 PM - edited 09-18-2024 12:18 PM
Did you ever find a solution for this? We just placed some device objects in Azure AD and created a local admin on them, but the ServiceNow instance can't discover them using the Windows credential we created. When running Discovery, it sees the devices as active but with no valid credential.
Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
09-20-2024 07:01 AM
Is the MID in the same domain as the computers in question?
You can try the gMSA option as well, if that is permissible.