Risks of Hybrid Joining server OS (e.g. domain controller)?

Question

Hi, i'm implementing Hybrid Join on Azure AD connect and currently all domain objects are synced. Is there any particular risk with simply enabling the Hybrid Join option with the win10 and above setting?

I believe this will request any on premise 2016+ server to Hybrid Join which will include domain controllers, member servers, etc. Is there any reason that would cause any problems?

Answer 1

Hi,

There are no issues, however you can test hybrid Azure AD join on a subset of their environment before a full rollout, a targeted rollout will help identify any issues your plan may not have addressed before you enable for the entire organization.

Please check this article to review the deployment process - hybrid-azuread-join-control

hybrid-azuread-join-plan

Hope this helps.
JS

==
Please Accept the answer if the information helped you. This will help us and others in the community as well.

Answer 2

Thanks Jimmy, it definitely helps!

In the link you referenced it states - "Hybrid Azure AD join isn't supported for Windows Server running the Domain Controller (DC) role."
From that I assume it just won't hybrid join the Domain Controller, even if it is in the AADC scope and won't cause a problem?

For testing the hybrid join, I understand it's an option, but potentially what issues might that flag up? Without targeting a subset, the worst case is that devices won't successfully Hybrid Join? I assume? Plus I guess I could manage the targeting by changing the OU Filtering in the AADC scope to exclude devices except those I want to hybrid join?