Manually create Device Registration ServiceConnectionPoint (SCP)

Hi All,

This weekend I was involved in a migration where configuration of Device Registration in Azure AD/Entra ID was required. Due to the complex setup, we could not use "Configure Device Registration" with Azure AD Connect.

Although documentation exists on how to configure hybrid Azure Active Directory join manually, it is missing a few important steps. That's why I decided to write this blog article.

If you want to know more about how device registration works, go ahead and read the documentation.


A Domain Joined Client searches for a Service Connection Point (SCP) in the Configuration Partition.

CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,[Your Configuration Naming Context]

Manually create the Service Connection Point (SCP)

You can manually create the SCP by using ADSI Edit (adsiedit.msc)

Connect to the Configuration Partition

Browse to “Services” and create a new Object

Object class is “container”

Name the Object “Device Registration Configuration”

Nothing to add here

Create another new Object

Object class is “serviceConnectionPoint”

Name the Object “62a0ff2e-97b9-4513-943f-0d221bd30080”

Click on “More Attributes”

Now you need the Tenant ID of your Azure Active Directory / Entra ID.

You can find that in Identity Overview

Search for the Attribute “keywords” and add the two lines


Click “Finish”


You can test whether the SCP was created correctly with this small PowerShell script:

# Read the SCP from the Configuration partition and output its keywords
$ConfigurationPartition = (Get-ADRootDSE).configurationNamingContext
$scp = New-Object System.DirectoryServices.DirectoryEntry
$scp.Path = "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$ConfigurationPartition"
$scp.Keywords
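
Because the SCP decides which tenant domain-joined clients register against, it is worth comparing its keywords with the values you expect rather than only checking that the object exists. The following PowerShell is an added example, not part of the original post; the function name Test-ScpKeywords and the sample tenant ID and domain are hypothetical, and the keyword format azureADName:/azureADId: is assumed from Microsoft's manual hybrid join documentation.

```powershell
# Added example. Assumes the SCP keywords use the form "azureADName:<domain>" and
# "azureADId:<tenant GUID>". Test-ScpKeywords is a hypothetical helper name.
function Test-ScpKeywords {
    param(
        [string[]]$Keywords,
        [Parameter(Mandatory)][guid]$ExpectedTenantId,
        [Parameter(Mandatory)][string]$ExpectedDomain
    )
    $issues = @()
    $parsed = @{}                      # hashtable keys are case-insensitive
    foreach ($kw in $Keywords) {
        $name, $value = $kw -split ':', 2
        if (-not $value) { $issues += "Malformed keyword: '$kw'"; continue }
        if ($parsed.ContainsKey($name)) { $issues += "Duplicate keyword: $name" }
        $parsed[$name] = $value.Trim()
    }

    # azureADId must be a GUID and match the tenant you intend to register against
    $tenant = [guid]::Empty
    if (-not $parsed.ContainsKey('azureADId')) {
        $issues += 'Missing keyword: azureADId'
    } elseif (-not [guid]::TryParse($parsed['azureADId'], [ref]$tenant)) {
        $issues += "azureADId is not a GUID: $($parsed['azureADId'])"
    } elseif ($tenant -ne $ExpectedTenantId) {
        $issues += "azureADId is $tenant, expected $ExpectedTenantId"
    }

    # azureADName must match the expected domain (comparison is case-insensitive)
    if (-not $parsed.ContainsKey('azureADName')) {
        $issues += 'Missing keyword: azureADName'
    } elseif ($parsed['azureADName'] -ne $ExpectedDomain) {
        $issues += "azureADName is $($parsed['azureADName']), expected $ExpectedDomain"
    }

    [pscustomobject]@{ Valid = ($issues.Count -eq 0); Issues = $issues }
}

# Constructed sample values (not from the post); replace them with your own.
$sample = @('azureADName:contoso.example',
            'azureADId:11111111-2222-3333-4444-555555555555')
Test-ScpKeywords -Keywords $sample -ExpectedDomain 'contoso.example' `
    -ExpectedTenantId '11111111-2222-3333-4444-555555555555'

# Against the live directory, pass the keywords read from the SCP object:
#   Test-ScpKeywords -Keywords @($scp.Properties['keywords']) -ExpectedDomain ... -ExpectedTenantId ...
```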

Andres Bohren
