AutopilotNuke
2.3
Asks for deletion of each object
Usage:
- The script can work from running Windows 10, but be careful removing native Azure AD joined Intune Devices -
Asks for deletion of each object
Usage:
- The script can work from running Windows 10, but be careful removing native Azure AD joined Intune Devices - you can lock yourself out, if you do not know local administrator's password
- Intended usage – from OOBE (Out of Box Experience)
- While in OOBE, hits Shift+F10
- Powershell.exe
- Install-Script AutopilotNuke
- Accept all prompts
- & 'C:\Program Files\WindowsPowerShell\Scripts\AutopilotNuke.ps1'
- The script will:
Download and install all required modules (accept all prompts)
Show you the Serial Number of the machine
Prompt to connect you to Azure AD and Intune Graph
Ask you if you want to connect to local AD (ADDS, NT Domain) so it could delete old records from there. Enter the local FQDN (domain.com, contoso.local) of your AD Domain
If you entered local AD domain, it will ask you for the username and password, for the username, use <NetbiosName>\User format
Search in Autopilot for the serial number
Show you all objects in Intune and AAD related to that Serial Number
Ask if you want to delete in from Intune then deletes
Ask if you want to delete in from Autopilot then deletes
Loop through all AAD and AD (if it was selected) objects and ask to delete them
Ask if you want to add it to AP then adds
Minimum security rights needed:
• To authorize Intune Graph, you will need global admin, but this is just one time. Ask your GA to run:
Install-PackageProvider -Name NuGet
Install-Module AzureAD
Install-Module WindowsAutopilotIntune
Install-Module Microsoft.Graph.Intune
Connect-AzureAD
Connect-MSGraph
Accept the consent prompt
• Custom role with the following permissions required in Intune:
Managed devices
Read
Delete
Update
Enrollment programs
Create device
Delete device
Read device
Sync device
Assigned to All Devices (did not try scoping it with RBAC, but should work in theory)
• Cloud device administrator role required in Azure AD
• AD DS rights similar to Intune Connector rights: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#:~:text=The%20Intune%20Connector%20for%20your,the%20rights%20to%20create%20computers.
Installation Options
Owners
Copyright
Alexey Semibratov
Package Details
Author(s)
- Alexey Semibratov
Dependencies
This script has no dependencies.
Release Notes
Version 2.1: Bugfix
Version 2.0: Bugfix
Version 1.9: Bugfix
Version 1.8: Streamlined all logic with found Intune/AAD devices, changed output of found objects to a table
Version 1.7: Fixed a situation where there can be multiple Intune devices
Version 1.6: Added assigned user and tag - we will capture the old values, and will allow to change those if needed
Version 1.5: Some change in language around on-prem domain. Added wait for sync if it was less then 10 minutes ago. Fixed a bug when there is no AP devices, but we still want to delete Intune/AAD/AD devices.
Version 1.2: Added more documentation and set of required rights. Now if the device is not found in Autopilot, but exists in Intune (by serial number), it still cleans it from AD DS and AAD
Version 1.1: Invoke-AutopilotSync, when called too soon, error out
Version 1.0: Original public version.
FileList
- AutopilotNuke.nuspec
- AutopilotNuke.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 3.9 | 4,938 | 11/17/2023 |
| 3.8 | 114 | 11/15/2023 |
| 3.7 | 32 | 11/15/2023 |
| 3.6 | 294 | 11/3/2023 |
| 3.4 | 378 | 10/20/2023 |
| 3.3 | 669 | 9/24/2023 |
| 3.2 | 2,954 | 7/6/2023 |
| 3.1 | 21 | 7/6/2023 |
| 3.0 | 12 | 7/6/2023 |
| 2.9 | 585 | 6/22/2023 |
| 2.8 | 55 | 6/20/2023 |
| 2.7 | 48 | 6/16/2023 |
| 2.6 | 10 | 6/16/2023 |
| 2.5 | 8 | 6/16/2023 |
| 2.4 | 11 | 6/16/2023 |
| 2.3 (current version) | 14,766 | 3/7/2021 |