Error: 8018000a Whilst Joining a computer to Entra AD

If you encounter error 8018000a when trying to join to Azure AD like the below

The solution is to open PowerShell ISE as Administrator

Paste in the following code into the white section, then press the green play button - it will prompt you to press Y then Enter after running.

##This script checks for devices registered to AzureAD and removes them so you can successfully perform an AzureAD join.

# We recommend you backup your registry prior to running. We take no responisbility for the use of this script.

$sids = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked' -name |where-object {$_.Length -gt 25}

Foreach ($sid in $sids){

Write-host "Found a registered device. Would you like to remove the device registration settings for SID: $($sid)?" -ForegroundColor Yellow

$Readhost = Read-Host " ( y / n ) "

Switch ($ReadHost)

{

Y {Write-host "Yes, Remove registered device"; $removedevice=$true}

N {Write-Host "No, do not remove device registration"; $removedevice=$false}

Default {Write-Host "Default, Do not remove device registration"; $removedevice=$false}

}

if ($removedevice -eq $true) {

$enrollmentpath = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($sid)"

$entresourcepath = "HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\$($sid)"

##Remove device from enrollments in registry

$value1 = Test-Path $enrollmentpath

If ($value1 -eq $true) {

write-host "$($sid) exists and will be removed"

Remove-Item -Path $enrollmentpath -Recurse -confirm:$false

Remove-Item -Path $entresourcepath -Recurse -confirm:$false

}

Else {Write-Host "The value does not exist, skipping"}

##Cleanup scheduled tasks related to device enrollment and the folder for this SID

Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\$($sid)\*"| Unregister-ScheduledTask -Confirm:$false

$scheduleObject = New-Object -ComObject Schedule.Service

$scheduleObject.connect()

$rootFolder = $scheduleObject.GetFolder("\Microsoft\Windows\EnterpriseMgmt")

$rootFolder.DeleteFolder($sid,$null)

Write-Host "Device registration cleaned up for $($sid). If there is more than 1 device registration, we will continue to the next one."

pause

} else { Write-host "Removal has been cancelled for $($sid)"}

}

write-host "Cleanup of device registration has been completed. Ensure you delete the device registration in AzureAD and you can now join your device."

Microsoft 365, Security, Automation, Power appsMatt Scott24 May 2024Security, Essentials 8, Best Practices, Exchange, SharePoint, OneDrive, Power Apps, Power Automate, Workflows, Approvals