Intune Policies for Managing Local User Groups for Azure AD Joined Devices | Hybrid Azure AD Joined
#MSIntune Policies for Managing Local User Groups for Azure AD Joined Devices | Hybrid #Azure AD Joined without PowerShell script
🛠️Manage Local Admins using Intune Local User Group Membership Management Policy
✅Supported Local Groups
✅Group & User Actions
✅Policy Error 0x80070534
✅Intune Error Code 6500
✅Hybrid Azure AD Joined and AADJ Scenarios
https://www.anoopcnair.com/manage-loc...
#MSIntune #MEMPowered #MEMCM #ConfigMgr #CloudPC #Windows365
https://docs.microsoft.com/en-us/wind...
Can I add a member that already exists?
Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error.
Can I remove a member if it isn't a member of the group?
Yes, you can remove a member even if it isn't a member of the group. This will result in no changes to the group and no error.
How can I add a domain group as a member to a local group?
To add a domain group as a member to a local group, specify the domain group in add member of the local group. Usefully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See LookupAccountNameA function for more information.
Can I apply more than one LocalUserAndGroups policy/XML to the same device?
No, this is not allowed. Attempting to do so will result in a conflict in Intune.
What happens if I specify a group name that doesn't exist?
Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully.
What happens if I specify R and U in the same XML?
If you specify both R and U in the same XML, the R (Restrict) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins.
How do I check the result of a policy that is applied on the client device?
After a policy is applied on the client device, you can investigate the event log to review the result:
Open Event Viewer (eventvwr.exe).
Navigate to Applications and Services Logs - Microsoft - Windows - DeviceManagement-Enterprise- Diagnostics-Provider -Admin.
Search for the LocalUsersAndGroups string to review the relevant details.
=======================
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -
✔ https://www.anoopcnair.com/windows-365/
👉 Stay Connected - https://howtomanagedevices.com/stay-c... 👉 https://howtomanagedevices.com/sccm/1...
#CloudPC #Windows365 #W365
https://howtomanagedevices.com/
Learn SCCM Read https://www.anoopcnair.com/sccm/
https://www.anoopcnair.com/learn-sccm...
Learn Intune Read - https://www.anoopcnair.com/intune/
https://www.anoopcnair.com/learn-micr...
Learn Windows 10 Read - https://www.anoopcnair.com/windows-10/
Learn Hyper-V Read - https://www.anoopcnair.com/hyperv-2/
Learn About Cloud Read - https://www.anoopcnair.com/cloud/
Learn about Azure Read - https://www.anoopcnair.com/cloud/azure/
Learn About IT Pros Events - https://www.anoopcnair.com/itpro/
Learn about me - https://www.anoopcnair.com/about/
#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices
#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices
