This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 32%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hi,
We google some, and finds info about "make sure the on-premises computer object is synchronized to Azure AD. Run the Delta Azure AD Connect sync"....The OU that the machine is added to is marked for sync, so do we have to wait for Azure AD Sync ?
We did a manual sync, but still same object i Azure Ad.
Then we did a "dsregcmd.exe /debug /join" and it was successfull. When we now check Azure AD we can see two devices objects, one is Azure AD Joined and the other is Hybrid Azure AD joined.
What went wrong here ?
Is we had just waited would the Azure AD Joined device itself "turn into" Hybrid Azure AD joined device ?
One other question, after we logged into the device the first time, the user was NOT administrator even if we had configured it to be under Autopilot profile, but after a reboot the user was added as local admin... is a reboot necessary ?
Thanks for any explanation.
/R
Andy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Its correct that you do end up with 2 objects. Usually you have to wait for Azure AD Connect to sync the device and the hybrid join to complete. It depends on your sync schedule. For a good understanding, see https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@andreas bright , For Windows Autopilot user-driven Hybrid Azure AD Join, we will end up seeing two devices in Azure AD when this process completes. An Azure AD Join device object (which ends up getting enabled and renamed as part of this process) and the synced Hybrid Azure AD Join device object. This is by design. Here are the objects in my lab:
Also, find a link describe this, we can read it for the reference:
https://oofhours.com/2019/07/15/inside-windows-autopilot-user-driven-hybrid-azure-ad-join/
Note: Non-Microsoft link, just for the reference.
For the situation about adding into the local administrator group, based on the phenomenon we get, it seems the reboot is needed.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Thanks for great feedback from both of you.
Just to make things clear, If I had dropped running the "dsregcmd.exe /debug /join" it would after awhile have been joined correctly after all ? What is the max waiting time for this ?
/R
Andy
Yes. You don't need to run it. It can take an hour or so for the Hybrid Azure AD Join to complete depending on if you are using password hash sync or ADFS with Azure AD Connect and on your sync cycle. Its covered in the link I posted above.