thejumpcloud / jumpcloud-admu Goto Github PK

Testing the PS function and it's not recognizing the defined key:

PS C:\> Start-Migration -DomainUserName "jdoe" -JumpCloudUserName "jdoe" -TempPassword "Welcome1!" -JumpCloudConnectKey "XXXXXXXXXXXXXXXXXXX" -AcceptEULA $true -InstallJCAgent $true -LeaveDomain $true -ForceReboot $true -AzureADProfile $false  You must supply a value for JumpCloudConnectKey when installing the JC Agent
At C:\cyb-temp\jumpcloud-ADMU-1.4.0\jumpcloud-ADMU\Powershell\Functions.ps1:5376 char:36
+ ...  -eq $true){Throw [System.Management.Automation.ValidationMetadataExc ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : MetadataError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RuntimeException

I tried single and double quotes. Also tried to run it from the directory the functions file is in - same error.

Hi there !
I'm using your ADMU tool to migrate my users to JumpCloud, and I noticed that on latest Windows 10 Pro 64 bits in French, they fall in error.
The first error occurs when trying to find OS Architecture, your script expects a "64-bit" variable but my OS sends "64 bits" instead.
Here is the error :
2020-02-26 13:23:49 INFO: Script starting; Log file location: C:\Windows\Temp\jcAdmu.log
2020-02-26 13:23:49 INFO: Gathering system & profile information
2020-02-26 13:23:53 ERROR: Unknown OSArchitecture

I changed the expected variables in Functions.ps1 and I was able to pass that one :
2020-02-26 16:05:27 INFO: Script starting; Log file location: C:\Windows\Temp\jcAdmu.log
2020-02-26 16:05:27 INFO: Gathering system & profile information
2020-02-26 16:05:31 INFO: OS: 64 bits
2020-02-26 16:05:31 INFO: THIS-COMPUTER is currently Domain joined to ad4s.local
2020-02-26 16:05:31 INFO: The secure channel between the local computer and domain is in good condition

The second one occurs during Loadstate where the user is sent to 'Users' group, but I had to change it for 'Utilisateurs' in Functions.ps1 as well to make the script work.

Here is the error given before translating Users :
2020-02-26 16:08:26 INFO: LoadState tool completed for user "AD4S\test.user" converting to "MY-COMPUTER\test.user"
2020-02-26 16:08:26 INFO: Adding new user "test.user" to Users group
2020-02-26 16:08:29 ERROR: Failed To add new user "test.user" to Users group

Other than that, thanks for this tool it is making my life much easier !

Despite performing install of ADK USMT, still encountering the following error when attempting Start-Migration

"2021-03-10 17:57:36 ERROR: Microsoft Windows ADK is installed but User State Migration Tool cant be found - Please correct and Try again."

This is the command I am running, the PC username and domain names are accurate.

Start-Migration -SelectedUserName 'cdc\marcdemo' -JumpCloudUserName 'marcdemo' -TempPassword '******' -JumpCloudConnectKey '*****************' -AcceptEULA $True -InstallJCAgent $True -LeaveDomain $True -ForceReboot $True -AzureADProfile $False

jcadmu.log

It's only used to get the system drive, and the powershell equivalent is trivial.

I ran into this when migrating a Windows 11 Insider build.
I appreciate that that is probably an unsupported configuration, however migration worked great after my fix 💯

I’ll create the trivial pull-request now.

Hi

The documentation states that a simple "dsregcmd.exe /leave" within a PowerShell-Command will disjoin the device from AAD, but in practice this isn't working as expected.

Instead this iteration of code did it for me:

if([System.Environment]::Is64BitProcess){ dsregcmd.exe /leave } else { $ps64 = Join-Path $env:SystemRoot "\sysnative\WindowsPowerShell\v1.0\powershell.exe" & $ps64 -Command {dsregcmd.exe /leave} }

Post reboot the AD-Joined account is not present anymore and device is not enrolled into AAD either:

`C:\Windows\System32>dsregcmd.exe /status

+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

         AzureAdJoined : NO
      EnterpriseJoined : NO
          DomainJoined : NO
       Virtual Desktop : NOT SET
           Device Name : JUERGENKLAA6F9D

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+

                NgcSet : NO
       WorkplaceJoined : NO
         WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

            AzureAdPrt : NO
   AzureAdPrtAuthority : NO
         EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+

  Auto Detect Settings : YES
Auto-Configuration URL :
     Proxy Server List :
     Proxy Bypass List :

+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+

           Access Type : DIRECT

+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+

        IsDeviceJoined : NO
         IsUserAzureAD : NO
         PolicyEnabled : NO
      PostLogonEnabled : YES
        DeviceEligible : YES
    SessionIsNotRemote : YES
        CertEnrollment : none
          PreReqResult : WillNotProvision`

When using non standard locations for Desktop, Documents, Downloads and Pictures, the migration tries to move them as well.
In one case there are hundreds of thousands pictures on a D drive. The migration took very long but did not seem to work (see separate Issue). Very long means several hours.

After setting the location to the default location (in c:\users<username>
The migration was very fast.

When the data does not reside in a profile controlled location, I would expect the migration to not take that data in to account, just migrate the profile, and have the new profile point to the same lcoation.

I completed a migration using the GUI from a domain-joined profile to a JumpCloud managed profile. The domain joined profile had a fingerprint and face unlock configured through Windows Hello.

After signing in using the password to the JumpCloud profile, there was no sign of biometrics (which is not a problem -- it's easy to readd them). However, I was unable to readd them.

When trying to add a fingerprint or face unlock through Windows settings to the new profile, I received the following error:
That fingerprint has already been set up by another account. Try a different finger.
When I try to set up facial recognition, I get the message:
It looks like you've already set up Windows Hello on another account. Remove face recognition from your other account, then try again.

There are many troubleshooting steps for this issue online and none of them worked.

Failed troubleshooting steps

• I tried stopping the Windows Biometric Service, clearing the contents of C:\Windows\System32\WinBioDatabase, and restarting the service
• I tried uninstalling the fingerprint and facial recognition drivers from device manager and rebooting the computer
• I tried disabling the fingerprint in bios and reenabling it
• I tried installing updated versions of the fingerprint driver

Successful troubleshooting

Eventually, I solved the issue with these steps:

1. Open registry editor
2. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
3. Find the profile with reference to the domain*
4. Delete the key called "GUID"
5. Reboot the computer
6. Try again

*My domain profile was firstl and the new profile is first.last. The profile I found in step 3 was "first.last.DOMAIN" -- a combination of the new username and the domain name.

With those steps, I was able to readd the fingerprint. I'd love to see this fixed before I use the ADMU on more computers. I'm thinking that perhaps all the tool needs to do is remove biometrics before continuing with subsequent steps, so that they are not cached and can be readded.

While running the ADMU tool (gui_jcadmu.exe)for first time, encountered Error: An unspecified error occurred: error code = 1789

The second time running the tool, I am getting this error message: Failed to compare two elements in the array.

When running ADMU tool to migrate from AzureAD to JC we have a case which CroudStrike is installed on the machine.
In such cases we cannot delete it, and we receive the following error:

The process cannot access the file 'C:\Users\******\NTUSER.DAT' because it is being used by another process.

Relevant code:

https://github.com/TheJumpCloud/jumpcloud-ADMU/blob/master/jumpcloud-ADMU/Powershell/Start-Migration.ps1#L1623