Hybrid Azure AD Join - Missing GPO regkey - Key Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD

Tombstone2004 11 Reputation points


We are currently following the below article:


Specifically the section titled - https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control#configure-client-side-registry-setting-for-scp

On our server 2016 box, when trying to create the new reg key under GPOs advised in the article we are unable to do so. Furthest it gets to in the key path is


There is no option of CDJ etc.....

Perhaps were missing something obvious here, any guidance on this would be appreciated.



Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,663 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Tombstone2004 11 Reputation points

    Believe this to be resolved, just needed to manually type complete the key ourselves in the key path field.

    Think that should do the trick!

    2 people found this answer helpful.
    0 comments No comments

  2. Jai Verma 451 Reputation points

    What is the version of OS from where you are trying to modify this registry? Did you try from the box where you want to block using GPMC?

    0 comments No comments

  3. Tombstone2004 11 Reputation points

    We are unable to modify any registry at the moment. The issue is the keypath does not exist in the gpo editor. The box we are trying from is a DC running server 2016 DataCenter edition, in gpo editor we go to

    Computer Configuration > Preferences > Windows Settings > Registry > Right-click on the Registry and select New > Registry Item

    Once in here when looking through the hives for the key path under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ there is no option for CDJ. The only C's we have are 'Casting' then next 'CEIP', no CDJ in sight.

    Hope this helps

    0 comments No comments