Azure AD join error code 8018000a – This device is already enrolled

Introduction:

If you ever encounter the Azure AD join error code 8018000a, it indicates that the device was previously joined to Azure AD. This situation can prevent you from rejoining the device to Azure AD without first clearing certain settings.

Solution:

To resolve this error, you will need to remove the existing device registration from your system registry. Below is a PowerShell script that automates this process. Before proceeding, ensure you execute this script with administrative privileges and back up your registry to prevent any accidental data loss.

## This script checks for devices registered to Azure AD and removes them so you can successfully perform an Azure AD join.
# We recommend you back up your registry prior to running. We take no responsibility for the use of this script.
# Run from an elevated (administrator) PowerShell session.

# Registration keys under Tracked; the length filter skips short key names that are not registration IDs.
$sids = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked' -Name | Where-Object { $_.Length -gt 25 }

foreach ($sid in $sids) {

    Write-Host "Found a registered device. Would you like to remove the device registration settings for SID: $($sid)?" -ForegroundColor Yellow
    $ReadHost = Read-Host " ( y / n ) "
    switch ($ReadHost) {
        Y       { Write-Host "Yes, remove registered device"; $removedevice = $true }
        N       { Write-Host "No, do not remove device registration"; $removedevice = $false }
        Default { Write-Host "Default, do not remove device registration"; $removedevice = $false }
    }

    if ($removedevice -eq $true) {

        $enrollmentpath  = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($sid)"
        $entresourcepath = "HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\$($sid)"

        ## Remove device from enrollments in registry. Each key is tested on its own, so a missing
        ## Enrollments key does not leave the Tracked key behind.
        foreach ($path in @($enrollmentpath, $entresourcepath)) {
            if (Test-Path $path) {
                Write-Host "$path exists and will be removed"
                Remove-Item -Path $path -Recurse -Confirm:$false
            }
            else {
                Write-Host "$path does not exist, skipping"
            }
        }

        ## Cleanup scheduled tasks related to device enrollment and the folder for this SID
        Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\$($sid)\*" -ErrorAction SilentlyContinue |
            Unregister-ScheduledTask -Confirm:$false

        # The task folder itself cannot be deleted through the ScheduledTasks module, so use the Schedule.Service COM API
        $scheduleObject = New-Object -ComObject Schedule.Service
        $scheduleObject.Connect()
        $rootFolder = $scheduleObject.GetFolder("\Microsoft\Windows\EnterpriseMgmt")
        try {
            $rootFolder.DeleteFolder($sid, $null)
        }
        catch {
            Write-Host "Task folder for $($sid) was not found or has already been removed"
        }

        Write-Host "Device registration cleaned up for $($sid). If there is more than 1 device registration, we will continue to the next one."
        pause

    }
    else {
        Write-Host "Removal has been cancelled for $($sid)"
    }
}

Write-Host "Cleanup of device registration has been completed. Ensure you delete the device registration in Azure AD and you can now join your device."
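Because the cleanup script deletes registry keys and scheduled tasks, it is worth seeing exactly what it would touch before answering "y". The following read-only inventory is an added example and is not part of the original post or its script. It uses the same registry paths, selection rule and task folder as the script above; the value names it reads from each Enrollments key (UPN, EnrollmentType, ProviderID, DiscoveryServiceFullURL) are assumed to be the ones commonly present and are simply reported as empty when absent. The dsregcmd /status call at the end lets you compare the registry view with the join state Windows itself reports.

```powershell
# Read-only inventory of the device registrations the cleanup script would remove.
# Added example, not part of the original post. Run from an elevated PowerShell session.
# Assumption: the Enrollments\<id> keys carry UPN, EnrollmentType, ProviderID and
# DiscoveryServiceFullURL values; any that are missing are shown as empty.

$trackedRoot    = 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked'
$enrollmentRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$taskRoot       = '\Microsoft\Windows\EnterpriseMgmt'

function Get-EnrollmentInventory {
    # Same selection rule as the cleanup script: long key names under Tracked
    $ids = Get-ChildItem $trackedRoot -Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -gt 25 }

    foreach ($id in $ids) {
        $enrollKey  = Join-Path $enrollmentRoot $id
        $trackedKey = Join-Path $trackedRoot $id

        # Properties of the enrollment key, if that key exists at all
        $props = $null
        if (Test-Path $enrollKey) {
            $props = Get-ItemProperty -Path $enrollKey -ErrorAction SilentlyContinue
        }

        # Scheduled tasks that Unregister-ScheduledTask would remove for this id
        $tasks = @(Get-ScheduledTask -TaskPath "$taskRoot\$id\*" -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Id                  = $id
            EnrollmentKeyExists = (Test-Path $enrollKey)
            TrackedKeyExists    = (Test-Path $trackedKey)
            UPN                 = $props.UPN
            EnrollmentType      = $props.EnrollmentType
            ProviderID          = $props.ProviderID
            DiscoveryUrl        = $props.DiscoveryServiceFullURL
            ScheduledTaskCount  = $tasks.Count
            ScheduledTaskNames  = ($tasks | ForEach-Object { $_.TaskName }) -join ', '
        }
    }
}

# One record per registration id, nothing is modified
Get-EnrollmentInventory | Format-List

# Current join state as Windows reports it, for comparison with the registry view
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|TenantName|DeviceId'
```

If the inventory lists an id whose EnrollmentKeyExists and TrackedKeyExists are both true and dsregcmd still reports AzureAdJoined : NO, that is the stale registration the 8018000a error is complaining about, and the cleanup script is the right next step for that id.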


After Running the Script:

After executing the script, make sure to manually delete the device registration from Azure AD to avoid any conflicts. This ensures that your device is fully ready for a new Azure AD join operation.

Conclusion:

Following these steps should clear the error and allow you to proceed with joining your device to Azure AD. If the problem persists, consider consulting Azure support for further assistance.

This post is licensed under CC BY 4.0 by the author.