This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 91%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Greetings:
Looking for a little guidance to help with the scenario I find myself in. I understand the scenario isn't optimal, but there isn't much I can to.
I have an on-premise synching to azure ad via AD Connect. I also have SCCM on premise. This combination provide a Hybrid-Ad experience that works rather well and was super simple to implement.
A business requirement mandates that one of our segments is going to be disconnected from our parent company and no connectivity can be established between sites. The machines will transition to a new .local domain, but the users will continue to use resources in the parten companies Azure tenant (exchange, sharepoint, teams, intune, etc).
Enabling Hybrid was easy with AD Connect and SCCM, but I'm struggling to find a good reliable way to bring this disconnected domain into Azure. My end goal is to provision the machine in Intune (preferably in an automated fashion) so I can deploy updates and software.
I've looked at a few different options...
I'm going to be looking at Hybird Autopilot tomorrow, but I thought I'd drop a message here and see if anyone had any advice. I'm not looking for a how-to or help with the error messages, I'm really just looking at what others have done and suggest doing in this type of a scenario. Any thoughts on this being a the best path for this type of topology, or should I move on and look at some other method.
@Joe Robinson Thanks for posting in our Q&A.
For this issue, if you want to use GPO enrollment or Autopilot Hybrid Azure AD join, the prerequisite is that the device is Hybrid Azure AD joined. Honestly, I'm not sure if it will complete hybrid Azure AD joined process in this scenario. So, I will add Azure-ad tag and let's wait for the related support engineer confirm it.
So, if you want to keep a copy of disconnected domain (AD DS), how about to migrate DC to Azure? Not sure did I get your main problem right, just throwing ideas :)
So, if you want to keep a copy of disconnected domain (AD DS), how about to migrate DC to Azure? Not sure did I get your main problem right, just throwing ideas :)
Are you suggesting move AD DS to a VM in azure or migrating to Azure AD completely?
I considered moving everything directly to Azure AD, but we have a couple of legacy applications that won't play nice without AD DS.
Sorry if I didn't describe the problem well. If I could, I'd just stand up a sync service (adconnect) and sychronize all the objects in AD to Azure AD. However, I already have an AD Connect server running and sychnronizing the primary (more important!) domain. This small domain that was spun up needs to be managed by Intune so I can push policy, software and Updates to the workstations.