After running AdfsDeviceRegistration you might encounter this error:
PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account
CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration
Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service
account is granted all rights except Write DACL, Write owner, and Extended write, and try again.
This can be fixed by running the following cmdlet:
After entering the “Managed Service Account name” – in my case “ADFSUserAccount$” , the permissions will be configured correctly.
Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.
If this helped you, please consider leaving a reply – thanks!