Intune connector for multiple On Prem domains

Aravinth Mathan 416 Reputation points
2021-10-06T18:44:17.187+00:00

Dear all

Would like to know the feasibility of managing devices from multiple domains using a single Intune tenant. Can we use the Intune connector on different standalone domains and manage devices effectively? What are the pros and cons in such cases?

Also, during Autopilot, how does the device choose the domain in case of a hybrid join scenario?

Thanks in advance

Regards
Aravinth

Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Enrollment
Microsoft Security | Intune | Other

3 answers

  1. Nick Hogarth 3,521 Reputation points Volunteer Moderator
    2021-10-06T22:07:52.347+00:00

    The connector is only required when you are doing Autopilot with Hybrid Azure AD Join (Azure AD Join is recommended) to create the computer objects in Active Directory. You also need to make sure that Hybrid Azure AD is configured (this is independent of Intune/Autopilot).

    You can have multiple connectors in domains. See https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#install-the-intune-connector "If your organization has multiple domains and you install multiple Intune Connectors, you must use a service account that's able to create computer objects in all domains, even if you plan to implement hybrid Azure AD join only for a specific domain. If these are untrusted domains, you must uninstall the connectors from domains in which you don't want to use Windows Autopilot. Otherwise, with multiple connectors across multiple domains, all connectors must be able to create computer objects in all domains."

    You create a device configuration domain join policy that specifies the domain and OU. That is how the device knows the domain.

    1 person found this answer helpful.
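
The requirement quoted in the answer above (the connector account must be able to create computer objects in every domain) can be audited per target OU. The following is an added example, not part of the original answer or of Microsoft's documentation; the account name, domain controllers and OU paths are constructed placeholders, and it assumes the ActiveDirectory (RSAT) module and read access to each domain.

```powershell
# Added example: audit "create computer objects" delegation in each domain's OU.
# All account, server and OU names below are constructed placeholders.
Import-Module ActiveDirectory

# schemaIDGUID of the "computer" object class
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# Account the connectors use to create computer objects (placeholder)
$Account = [System.Security.Principal.NTAccount]'CONTOSO\svc-intune-connector'
$Sid     = $Account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# One entry per domain join profile: a DC in the domain and the OU it targets
$Targets = @(
    @{ Server = 'dc01.contoso.example';  OU = 'OU=Autopilot,DC=contoso,DC=example' }
    @{ Server = 'dc01.fabrikam.example'; OU = 'OU=Autopilot,DC=fabrikam,DC=example' }
)

$Rights      = [System.DirectoryServices.ActiveDirectoryRights]
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

foreach ($t in $Targets) {
    $ou = Get-ADOrganizationalUnit -Identity $t.OU -Server $t.Server -Properties nTSecurityDescriptor

    # Read ACEs keyed by SID so the comparison also works across domains.
    # Only ACEs granted directly to the account are checked, not group membership.
    $aces = @($ou.nTSecurityDescriptor.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $Sid -and
            $_.AccessControlType -eq 'Allow' -and
            -not ($_.PropagationFlags -band $InheritOnly)   # must apply to this OU itself
        })

    # CreateChild scoped to the computer class, or to all classes (empty GUID)
    $create = @($aces | Where-Object {
        ($_.ActiveDirectoryRights -band $Rights::CreateChild) -and
        ($_.ObjectType -eq $ComputerClass -or $_.ObjectType -eq [guid]::Empty)
    })
    # Grants wider than the task needs, worth reviewing for least privilege
    $broad = @($aces | Where-Object {
        ($_.ActiveDirectoryRights -band $Rights::GenericAll) -eq $Rights::GenericAll
    })

    [pscustomobject]@{
        Domain             = $t.Server
        OU                 = $t.OU
        CanCreateComputers = ($create.Count -gt 0)
        HasFullControl     = ($broad.Count -gt 0)
    }
}
```

A row with `CanCreateComputers` false marks a domain where hybrid join through that account would fail; a row with `HasFullControl` true marks a delegation broader than creating computer objects.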

  2. Derek Pickell 1 Reputation point
    2022-05-24T21:50:28.457+00:00

    Hi @Nick Hogarth ,
    Hoping you're still monitoring this page... I've reviewed the link you referenced regarding setting up multiple connectors for multiple domains and searched other Microsoft doc but am unable to find a plain reference on how to create a service account that can access multiple domains. I'm likely not wording my searches accurately to get a good result.
    I know this is outside the scope of the subject but is kinda important for those of us needing multiple AD Connectors for multiple domain join profiles for multiple domains (we have 3).
    If you have any information that could lead me to the relevant doc it would be hugely appreciated.
    Thanks!
    Derek Pickell


  3. Cyndy Wall 1 Reputation point
    2022-09-09T20:24:14.727+00:00

    First time I am setting this up with more than 1 connector.
    Some clarifications/questions.

    Can an existing Connector add devices in another domain, or am I required to create the second connector?
    The second domain trusts the first where the connector resides.

    The current connector is on a DC, which is not suggested.
    I'll have to remove the old connector and create a new one if I have to make 2 connectors using a service account, as there is no admin group on the DC.

    For the service account, do I have to delegate it (like the server) to both OUs, one in each domain, that the Autopilot devices are added to during domain join?
    I know you change it for the computer account in services.msc.
