Chabango asked piaudonn answered

Rollout hybrid Azure AD join after Controlled validation

I have 2 questions revolving around Controlled validation of hybrid Azure AD join:

1. After configuring [Hybrid Azure AD join for federated domains][1], if I want to use Controlled validation, I assume I need to immediately [Clear the SCP from AD][2]?
2. Once I am ready to roll out Hybrid Azure AD join after testing via Controlled validation, what is the best practice for enabling it across the domain, repopulating the SCP in ADSI Edit by adding back the azureADId and azureADName values?

[1]: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
[2]: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control#clear-the-scp-from-ad

adfs, azure-ad-hybrid-identity

1 Answer

piaudonn answered

Windows 10 machines first check their registry, and only if there is no information there do they check the SCP. So for your questions:

  1. You don't even need to configure the SCP when you go through the Azure AD Connect wizard. You can just download the PowerShell script and do it later. Some organizations even have to do it this way because the admins of the Azure AD Connect servers don't necessarily have permission to write the SCP on their own. So they download the script and they send it to the AD admins.

  2. You can do it manually; you can also download the script from the Azure AD Connect wizard:

84233-image.png
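
The lookup order described in the answer (registry first, then SCP) can be checked on a pilot device before and after repopulating the SCP. The script below is an added example, not part of the original answer or the Azure AD Connect script; the function names are hypothetical, and the registry path and SCP location are the ones Microsoft documents for controlled validation. It assumes a domain-joined machine that can reach a domain controller.

```powershell
# Added example: report which source this device would use to discover the
# Azure AD tenant for hybrid join (registry first, then the SCP in AD).

function Get-ClientSideTenantInfo {
    # Client-side setting used during controlled validation (normally set by GPO).
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD'
    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($item -and $item.TenantId -and $item.TenantName) {
        [pscustomobject]@{ Source = 'Registry'; TenantId = $item.TenantId; TenantName = $item.TenantName }
    }
}

function ConvertFrom-ScpKeywords {
    param([string[]]$Keywords)
    # keywords entries look like 'azureADId:<guid>' and 'azureADName:<domain>'.
    $map = @{}
    foreach ($k in $Keywords) {
        $name, $value = $k -split ':', 2
        if ($value) { $map[$name] = $value }
    }
    if ($map['azureADId'] -and $map['azureADName']) {
        [pscustomobject]@{ Source = 'SCP'; TenantId = $map['azureADId']; TenantName = $map['azureADName'] }
    }
}

function Get-ScpTenantInfo {
    try {
        $configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
        $dn = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNc"
        if (-not [ADSI]::Exists("LDAP://$dn")) { return }
        $scp = [ADSI]"LDAP://$dn"
        # A cleared SCP has no keywords, so nothing is returned for it.
        ConvertFrom-ScpKeywords -Keywords @($scp.Properties['keywords'])
    } catch {
        Write-Warning "Could not query the SCP: $($_.Exception.Message)"
    }
}

# Same precedence as the client: the registry wins, the SCP is the fallback.
$result = Get-ClientSideTenantInfo
if (-not $result) { $result = Get-ScpTenantInfo }
if ($result) { $result }
else { Write-Warning 'No tenant information found in the registry or the SCP.' }
```

A device that reports `Source = Registry` is still being driven by the controlled-validation setting; `dsregcmd /status` shows the resulting join state.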


