Hi Community,

I´m testing WIN10 silent enrollment  using different parameter combinations as described here :

Silent Enrollment Parameters and Values

I have tested some combinations that work as aspected  to enroll my Win10 devices but there is one that I can´t get to work. Maybe I’m doing wrong or I’m not understanding it correctly.

The description of the parameter SECURITYTYPE=<B(asic)/D(Directory)> says :

“EOBO Workflow Only: Needed if user account is added to Workspace ONE UEM console during enrollment process”.

So I’m assuming that I can stage the device with a proper staging user I’ve created in WS1 UEM for that purpose and after that create a new WS1 UEM user providing the credentials in the script and enroll the device with this user . Somethig like this

msiexec /i c:TempAirwatchAgent.msi /q ENROLL=Y SERVER=xxxxx.awmdm.com LGName=OU-LAB USERNAME=Stageuser PASSWORD=*******  STAGEUSERNAME=NewUser SECURITYTYPE=B STAGEPASSWORD=*******

This is only one of the combinations I’ve tested for this workflow and seems to make sense. but is not working. When I have a look at the logs I can see that the OU and staging user are validated correctly but the NewUser is not created in WS1. Instead of this I’m asked to provide an existing user

ValidateGroupIdentifier: STARTED Executing

ValidateGroupIdentifier: ENDED Executing

ValidateLoginCredentials: STARTED Executing

ValidateLoginCredentials: ENDED Executing

ValidateOnBehalfOfUsername: STARTED Executing

ERROR_CODE: [1011], ERROR_MESSAGE: Server returned enrollment failed with Status Fail , Message Enrollment user is not found. Please provide an existing user., ValidateOnBehalfOfUsername: ENDED Executing

So, this parameter is not for creating the final user as explained in the parameter description?, Is my script wrong? Am I misunderstanding the purpose of this parameter?

Every comment will be welcomed and if someone can show me an example of how to do this I would be thankful

Regards