Thanks for reaching out.
When you say Hybrid, I assume you mean Hybrid Azure AD Join. If you are not sure about current state of devices then I would recommend you to use dsregcmd /status
utility and figure out current state of device ( example : DJ, HAADJ, or WPJ ) before remove devices from the on-prem AD.
This utility must be run as a domain user account which lists the device join state parameters.
Sample device state output:
Domain Joined (DJ):
Hybrid Azure AD Joined (HAADJ):
Workplace Joined (WPJ):
Refer below steps to perform cleanup depends on current device state of windows 10 devices, once that has completed then you can perform Azure AD Join.
Domain Joined (DJ):
This would be straight forward, whereas unjoin devices from the on-prem AD and then disable or delete Windows 10 devices in your on-premises AD.
Hybrid Azure AD join
For hybrid Azure AD joined devices, make sure to turn off automatic registration in AD using the Controlled validation article. Then the scheduled task won't register the device again. Next, open a command prompt as an administrator and enter dsregcmd.exe /debug /leave
. Or run this command as a script across several devices to unjoin in bulk.
and remove devices from the on-prem AD and then Disable or delete Windows 10 devices in your on-premises AD, and let Azure AD Connect synchronize the changed device status to Azure AD. Reference: https://learn.microsoft.com/en-us/azure/active-directory/devices/faq#hybrid-azure-ad-join-faq
Workplace Joined (WPJ)/Azure AD Registered
Remove Workplace Joined as per this link and remove devices from the on-prem AD and then Disable or delete Windows 10 devices in your on-premises AD, and let Azure AD Connect synchronize the changed device status to Azure AD.
I would strongly recommend to refer this article, Cleanup Azure AD Devices.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.