Windows
      Back to home
      1. Help Center
      2. Windows

      How to Rename a Microsoft Entra hybrid joined (HMEJ) Device Using Scheduled Task

      Overview

      Microsoft Entra hybrid joined devices cannot be renamed using an autopilot profile as the device would lose trust with the domain controller.

      In this article we will explain what's required on the Active Directory side and provide a script that will generate an incremental device name based on the variables entered by the customer.

      The article is based on instructions and a script written by Michael Niehaus on his oofhours.com website. The script has been modified to increment device name based on user's input rather than randomly generated names.

      Requirements

      • Domain admin access
      • Intune application administrator access

      Delegating Access to SELF

      In order for the device to be able to rename itself, it needs to be delegated the appropriate access to the OU it resides in.

      1. Open Active Directory Users and Computers as a domain admin and right click on the OU that the devices will be placed in. Choose Delegate Control… from the context menu.


      2. Choose the account that you want to delegate to.  Click to Add and then specify SELF as the object name.


      3. Once selected, you should see something like this:


      4. Choose what rights to delegate.  Choose Create a custom task to delegate from the choices.


      5. Choose Computer objects from the list of object types.


      6. Check Read All Properties and Write All Properties to enable renaming:


      7. And finally, complete the wizard by clicking Finish. The objects should now hace the required delegated permissions to self manage in Active Directory.

      Customizing the app and script

      1. Download this file and unzip it.
      2. Open the PowerShell script RenameComputer.ps1
      3. Edit line 104 $Baseline variable to specify the name of the first device. i.e.: device-001
      4. Save the RenameComputer.ps1
      5. Open CMD and navigate to the unzipped folder location
      6. Run the following command:
        intunewinapputil.exe -c .\RenameComputer -s RenameComputer.ps1 -o .\ -q

      Setting up the Rename Computer app

      1. Sign into Intune with an Application Administrator account.
      2. Navigate to Apps > Windows and click Add.
      3. From the App type drop down select Windows app (Win32).
      4. Select the package file RenameComputer.intunewin.


      5. Specify the basic properties for the app should be specified as appropriate


      6. Specify the command line details:

        Install command:  powershell.exe -noprofile -executionpolicy bypass -file .\RenameComputer.ps1
        Uninstall command:  cmd.exe /c del %ProgramData%\Microsoft\RenameComputer\RenameComputer.ps1.tag
        Device restart behavior:  Determine behavior based on return codes



      7. Specify the architectures needed (x86, x64) and minimum OS version.


      8. Fill in the detection rule that looks for a particular file that the script will create:

        Path:  %ProgramData%\Microsoft\RenameComputer
        File or folder:  RenameComputer.ps1.tag
        Detection method:  File or folder exists

      9. Assign the app to a group of devices – ideally a test group, so you can try this out in a controlled environment.