“Device Registration Service is not in a valid configuration state”

After running AdfsDeviceRegistration you might encounter this error:

PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account
CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration
Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service
account is granted all rights except Write DACL, Write owner, and Extended write, and try again.

image

This can be fixed by running the following cmdlet:

Initialize-ADDeviceRegistration

After entering the “Managed Service Account name” – in my case “ADFSUserAccount$” , the permissions will be configured correctly.
Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.

image

If this helped you, please consider leaving a reply – thanks!