{"id":9427,"date":"2025-12-16T07:19:37","date_gmt":"2025-12-16T07:19:37","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=9427"},"modified":"2025-12-16T07:19:39","modified_gmt":"2025-12-16T07:19:39","slug":"usercertificate-ad-attribute-not-populating-for-hybrid-join","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join","title":{"rendered":"usercertificate AD Attribute not populating for Hybrid Join"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">And a summary of those labeled, numbered steps:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The device queries AD to find the SCP, in order to obtain AAD tenant details.<\/li>\n\n\n\n<li>The AAD tenant details are returned.<\/li>\n\n\n\n<li>The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info.<\/li>\n\n\n\n<li>AAD Connect after the userCertificate has been populated, up to 30 minutes later) syncs the AD computer object into Azure AD.<\/li>\n\n\n\n<li>The device (repeatedly) tries to register with AAD.<\/li>\n\n\n\n<li>When AAD can find a matching device (synced by AAD Connect), the registration will succeed and AAD will provide a device certificate back to the device.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">After this point, any AD user that signs into the device will get an Azure AD user token (a primary refresh token, or PRT) that can be used to authenticate with Azure AD-based services.\u00a0 If the user signed in before the registration completed, then they either need to sign out and back in again, or they need to lock and unlock the device \u2013 either of those will ensure the user gets a token.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I would also remove the device from Autopilot if you are trying from AD -> AzureAD<\/p>\n","protected":false},"excerpt":{"rendered":"<p>And a summary of those labeled, numbered steps: After this point, any AD user that signs into the device will get an Azure AD user token (a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9427","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"paris\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Welcome to Pariswells.com |\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com\" \/>\n\t\t<meta property=\"og:description\" content=\"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-12-16T07:19:37+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-12-16T07:19:39+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com\" \/>\n\t\t<meta name=\"twitter:description\" content=\"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#article\",\"name\":\"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com\",\"headline\":\"usercertificate AD Attribute not populating for Hybrid Join\",\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"},\"datePublished\":\"2025-12-16T07:19:37+00:00\",\"dateModified\":\"2025-12-16T07:19:39+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage\"},\"articleSection\":\"Research\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#listItem\",\"name\":\"usercertificate AD Attribute not populating for Hybrid Join\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#listItem\",\"position\":3,\"name\":\"usercertificate AD Attribute not populating for Hybrid Join\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\",\"name\":\"Welcome to Pariswells.com\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris\",\"name\":\"paris\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"paris\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join\",\"name\":\"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com\",\"description\":\"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/usercertificate-ad-attribute-not-populating-for-hybrid-join#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"datePublished\":\"2025-12-16T07:19:37+00:00\",\"dateModified\":\"2025-12-16T07:19:39+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\",\"name\":\"Welcome to Pariswells.com\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com","description":"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been","canonical_url":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#article","name":"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com","headline":"usercertificate AD Attribute not populating for Hybrid Join","author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"},"datePublished":"2025-12-16T07:19:37+00:00","dateModified":"2025-12-16T07:19:39+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage"},"isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage"},"articleSection":"Research"},{"@type":"BreadcrumbList","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/pariswells.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","position":2,"name":"Research","item":"https:\/\/pariswells.com\/blog\/category\/research","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#listItem","name":"usercertificate AD Attribute not populating for Hybrid Join"},"previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#listItem","position":3,"name":"usercertificate AD Attribute not populating for Hybrid Join","previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}}]},{"@type":"Organization","@id":"https:\/\/pariswells.com\/blog\/#organization","name":"Welcome to Pariswells.com","url":"https:\/\/pariswells.com\/blog\/"},{"@type":"Person","@id":"https:\/\/pariswells.com\/blog\/author\/paris#author","url":"https:\/\/pariswells.com\/blog\/author\/paris","name":"paris","image":{"@type":"ImageObject","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g","width":96,"height":96,"caption":"paris"}},{"@type":"WebPage","@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#webpage","url":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join","name":"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com","description":"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join#breadcrumblist"},"author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"creator":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"datePublished":"2025-12-16T07:19:37+00:00","dateModified":"2025-12-16T07:19:39+00:00"},{"@type":"WebSite","@id":"https:\/\/pariswells.com\/blog\/#website","url":"https:\/\/pariswells.com\/blog\/","name":"Welcome to Pariswells.com","inLanguage":"en-US","publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Welcome to Pariswells.com |","og:type":"article","og:title":"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com","og:description":"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been","og:url":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join","article:published_time":"2025-12-16T07:19:37+00:00","article:modified_time":"2025-12-16T07:19:39+00:00","twitter:card":"summary","twitter:title":"usercertificate AD Attribute not populating for Hybrid Join | Welcome to Pariswells.com","twitter:description":"And a summary of those labeled, numbered steps: The device queries AD to find the SCP, in order to obtain AAD tenant details. The AAD tenant details are returned. The device creates a self-signed certificate and updates the userCertificate property on its own computer object with that info. AAD Connect after the userCertificate has been"},"aioseo_meta_data":{"post_id":"9427","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2025-12-16 07:11:23","updated":"2025-12-16 07:19:39","primary_term":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\/category\/research\" title=\"Research\">Research<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tusercertificate AD Attribute not populating for Hybrid Join\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/pariswells.com\/blog"},{"label":"Research","link":"https:\/\/pariswells.com\/blog\/category\/research"},{"label":"usercertificate AD Attribute not populating for Hybrid Join","link":"https:\/\/pariswells.com\/blog\/research\/usercertificate-ad-attribute-not-populating-for-hybrid-join"}],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=9427"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9427\/revisions"}],"predecessor-version":[{"id":9428,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9427\/revisions\/9428"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=9427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=9427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=9427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}