Recently, I faced an issue where a Citrix VDA with version 1912 CU2, joined to Entra as an Entra Hybrid Join device, was preventing users from launching applications. Upon launching an application, the VDA state would transition to an “Unregistered” state.
After dedicating hours to investigating and even rebuilding the Citrix VDAs without resolving the issue, we opted to remove the Citrix servers from Entra ID to address the problem.
Although this article is not centered on Citrix, it focuses on removing a device from Entra Hybrid Joined status. I wanted to provide background information on why I had to take this step and offer insights into how you can easily unjoin a system from Entra ID. Let’s check the steps.
Table of Contents
Option 1 – Turn Off Automatic Registration
To turn off automatic registration, modify/update the Scheduled Task that triggers Entra ID registration. Navigate to Task Scheduler > Microsoft > Windows > Workplace Join > Automatic-Device-Join. Perform the following action on this scheduled task:
- Disable the Scheduled Task by right-clicking on the Task and click on Disable.
- Open the Scheduled task and go to the Triggers Tab. Click on the Trigger(s) -> Click Edit -> Uncheck Enable checkbox to disable this trigger.
Alternatively, you can also delete this Scheduled task if you want to instead of disabling it.
Option 2 – Run dsregcmd.exe /debug /leave
Next, open a command prompt as an administrator and enter dsregcmd.exe /debug /leave.
Run dsregcmd.exe /status
Option 3 – Registry Keys to disable Entra ID Join
The two steps above should be sufficient for unjoining and blocking the system from joining Entra ID. However, I have also created two registry entries to further ensure it.
- Press the Windows key + R to open the Run dialog box.
- Navigate to HKML\SOFTWARE\Policies\Microsoft\Windows\Workplacejoin
- Create a New Registry Key called WorkplaceJoin (If it does not exist).
- Create below two registry entries:
- autoWorkplaceJoin REG_DWORD Value 0
- BlockAADWorkplacejoin REG_DWORD Value 1
Finally – Unsync the Device using Entra Connect
As you do not want these machines to get registered/join to Entra ID again, you can also unsync them. Modify the Entra Connect Synchronization settings to remove an OU from sync to Entra ID and move those devices that you don’t want to sync, into that OU.
