To clear the attribute data using a PowerShell command.
Warning: This section, method, or task contains steps that tell you how to modify Active Directory objects. Serious problems might occur if you these commands are not executed incorrectly. Ensure that you follow these steps carefully. Refer to the Microsoft PowerShell documentation for more information on the commands below.
First, you can view the current data by running the following command:
Get-ADUser -Identity <username> -Property defender-userTokenData | Select -ExpandProperty defender-userTokenData
Next, you can clear the value of this attribute by running this command:
Set-ADUser -Identity <username> -Clear "defender-userTokenData"
Once the attribute data has been cleared, assign a new token by either using the Token Programming Wizard in ADUC, or by having the user request a token using the Defender Self Service Portal. After the new token has been activated, it should now be possible for the user to log on successfully.