Share via

Manage AAD Joined computers with on prem AD

Wesley Ramon 36 Reputation points
2023-06-19T09:52:20.91+00:00

Hi All,

I'm trying to find an answer to the question in Title but I'm confused.

I have a .local domain in an on-premise environment with azure ad sync.

most of our computers are Hybrid AAD Joined , but I'm wondering if there is a way to apply GPO's from our local DC's to a computer that is Azure AD Joined , for example if we ship a laptop to one of our users, the users log's into the laptop with his azure credentials , computers is added to the Azure AD , and i want to apply GPO's on that laptop. This also apply's for joining the laptop to specific Groups in active directory.

Thanks

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2023-06-19T20:19:59.1133333+00:00

    Hi @Wesley Ramon , Azure AD joined devices don't have a computer object in on-premises Active Directory Domain Services (AD DS), so applying GPOs from your local DCs to Azure AD joined devices is not directly possible. However, you can use Azure AD Domain Services to create and manage group policies in a managed domain.

    For hybrid Azure AD joined devices, you can apply GPOs from your local DCs since they have a computer object in AD DS. To join a device to specific groups in Active Directory, you can use the Active Directory Users and Computers (ADUC) snap-in.

    Keep in mind that SSO access to on-premises resources requires line-of-sight communication with your on-premises AD DS domain controllers. If Azure AD joined devices aren't connected to your organization's network, a VPN or other network infrastructure is required.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.
  2. Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator
    2023-06-19T12:16:16.6166667+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    There is no way to administrate those devices with your Local DC.

    Hope this helps!

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.