When building devices through autopilot or on-premise and you require the devices to be Hybrid Azure AD joined this will speed the process. AAD Connect delta sync runs every 30 minutes by default but if deploying through Autopilot this process can take too long during the Account Setup process.
This script needs to be added to the AAD connect server and scheduled to run every 5 mins, it checks for any new computers added to a specific OU with the user certificate properties, if a device has been added with the user certificate it will trigger off a delta sync, this script only attempts to sync devices that have been created within the last 5 hours.
Import-Module ActiveDirectory
$time = [DateTime]::Now.AddMinutes(-5)
$computers = Get-ADComputer -Filter 'Modified -ge $time' -SearchBase "OU=AutoPilotDevices,OU=Computers,DC=domain,DC=com" -Properties Created, Modified, userCertificate
If ($computers -ne $null) {
ForEach ($computer in $computers) {
$diff = $computer.Modified.Subtract($computer.Created)
If (($diff.TotalHours -le 5) -And ($computer.userCertificate)) {
$syncComputers = "True"
}
}
# Wait for 30 seconds to allow for some replication
Start-Sleep -Seconds 30
}
If ($syncComputers -ne $null) {
Try { Start-ADSyncSyncCycle -PolicyType Delta }
Catch {}
}Create a folder on the AAD Connect server under the root of C:\ Save the Powershell script to this location
MAKE SURE TO UPDATE THE -SEARCHBASE “OU”
Open Task Scheduler, Right click and select Create Task
Name the Schedule
Next Select Actions, then New
Set the Following parameters:
Program/Script : Powershell.exe
Add Arguments: set-executionpolicy bypass -file “C:\Task Schedule Script\AADConnect.ps1”
It will look like this:
Click on OK. Enter an admin username and password.
