islanddog/onboard.ps1

## onboard.ps1
##This script checks for devices registered to AzureAD and removes them so you can successfully perform an AzureAD join.
# We recommend you backup your registry prior to running. We take no responisbility for the use of this script.

$sids = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked' -name |where-object {$_.Length -gt 25}

Foreach ($sid in $sids){

Write-host "Found a registered device. Would you like to remove the device registration settings for SID: $($sid)?" -ForegroundColor Yellow
$Readhost = Read-Host " ( y / n ) "
Switch ($ReadHost)
{
Y {Write-host "Yes, Remove registered device"; $removedevice=$true}
N {Write-Host "No, do not remove device registration"; $removedevice=$false}
Default {Write-Host "Default, Do not remove device registration"; $removedevice=$false}
}

if ($removedevice -eq $true) {

$enrollmentpath = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($sid)"
$entresourcepath = "HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\$($sid)"

##Remove device from enrollments in registry

$value1 = Test-Path $enrollmentpath
If ($value1 -eq $true) {

write-host "$($sid) exists and will be removed"

Remove-Item -Path $enrollmentpath -Recurse -confirm:$false
Remove-Item -Path $entresourcepath -Recurse -confirm:$false

}
Else {Write-Host "The value does not exist, skipping"}

##Cleanup scheduled tasks related to device enrollment and the folder for this SID

Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\$($sid)\*"| Unregister-ScheduledTask -Confirm:$false

$scheduleObject = New-Object -ComObject Schedule.Service
$scheduleObject.connect()
$rootFolder = $scheduleObject.GetFolder("\Microsoft\Windows\EnterpriseMgmt")
$rootFolder.DeleteFolder($sid,$null)

Write-Host "Device registration cleaned up for $($sid). If there is more than 1 device registration, we will continue to the next one."
pause

} else { Write-host "Removal has been cancelled for $($sid)"}

}

write-host "Cleanup of device registration has been completed. Ensure you delete the device registration in AzureAD and you can now join your device."
	##This script checks for devices registered to AzureAD and removes them so you can successfully perform an AzureAD join.
	# We recommend you backup your registry prior to running. We take no responisbility for the use of this script.

	$sids = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked' -name \|where-object {$_.Length -gt 25}

	Foreach ($sid in $sids){

	Write-host "Found a registered device. Would you like to remove the device registration settings for SID: $($sid)?" -ForegroundColor Yellow
	$Readhost = Read-Host " ( y / n ) "
	Switch ($ReadHost)
	{
	Y {Write-host "Yes, Remove registered device"; $removedevice=$true}
	N {Write-Host "No, do not remove device registration"; $removedevice=$false}
	Default {Write-Host "Default, Do not remove device registration"; $removedevice=$false}
	}

	if ($removedevice -eq $true) {

	$enrollmentpath = "HKLM:\SOFTWARE\Microsoft\Enrollments\$($sid)"
	$entresourcepath = "HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\$($sid)"

	##Remove device from enrollments in registry

	$value1 = Test-Path $enrollmentpath
	If ($value1 -eq $true) {

	write-host "$($sid) exists and will be removed"

	Remove-Item -Path $enrollmentpath -Recurse -confirm:$false
	Remove-Item -Path $entresourcepath -Recurse -confirm:$false

	}
	Else {Write-Host "The value does not exist, skipping"}

	##Cleanup scheduled tasks related to device enrollment and the folder for this SID

	Get-ScheduledTask -TaskPath "\Microsoft\Windows\EnterpriseMgmt\$($sid)\*"\| Unregister-ScheduledTask -Confirm:$false

	$scheduleObject = New-Object -ComObject Schedule.Service
	$scheduleObject.connect()
	$rootFolder = $scheduleObject.GetFolder("\Microsoft\Windows\EnterpriseMgmt")
	$rootFolder.DeleteFolder($sid,$null)

	Write-Host "Device registration cleaned up for $($sid). If there is more than 1 device registration, we will continue to the next one."
	pause

	} else { Write-host "Removal has been cancelled for $($sid)"}

	}

	write-host "Cleanup of device registration has been completed. Ensure you delete the device registration in AzureAD and you can now join your device."