Moving Domain Joined to Hybrid AD join

Dilan Nanayakkara 1,111 Reputation points
2021-10-29T02:23:17.7+00:00

Hi All,

We are planning to move from domain joined to Hybrid AD joined, and I have a few concerns about that. I would appreciate it if anyone can help with this.

1) We have installed Azure AD Connector as of now, since we are already using O365, and configured the "Sync all domains and OUs" option in Azure AD Connector. So I just wanted to enable Hybrid AD joined for a few clients first, excluding services. Is there any impact if I select the "Sync selected domains and OUs" option and deselect domain controllers, servers and other clients which I don't want to be hybrid AD joined initially?

2) The other thing I wanted to know: what is the impact if I configure Hybrid AD joined as it is (with "Sync all domains and OUs")? It should be showing all domain controllers and servers as hybrid AD joined devices in Azure AD devices. Are there any advantages or disadvantages if all devices are configured as hybrid AD joined?

3) Finally, I would like to know of any known issues or disadvantages of the Hybrid AD joined method over standalone Azure AD joined, or any recommendations.


Accepted answer
  1. VipulSparsh-MSFT 16,296 Reputation points Microsoft Employee
    2021-11-05T04:57:16.873+00:00

    @Dilan Nanayakkara Thanks for reaching out, and apologies for the delay on this.

    1) You can choose which machines' OUs to sync with Azure AD to put them in the Hybrid Azure AD Join state. The OUs containing computer accounts which are synced will only get converted to Hybrid AADJ.

    2) Not for servers, but for normal machines you can get advantages like: https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid
    a) SSO to both cloud and on-premises resources
    b) Conditional Access through Domain join or through Intune if co-managed
    c) Self-service Password Reset and Windows Hello PIN reset on lock screen
    d) Enterprise State Roaming across devices

    3) It totally depends on your requirement, but here is one blog to dig down further which you might find helpful
    https://joymalya.com/azure-ad-join-vs-hybrid-azure-ad-join/


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
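When hybrid join is rolled out to a few synced OUs first, as discussed in this thread, each pilot client's resulting state can be checked from its `dsregcmd /status` output. The following is an added example, not code from the thread or from Microsoft; `Get-JoinState` is a hypothetical helper name, and the sample output with the `CONTOSO` domain is constructed for illustration.

```powershell
# Added example: classify a Windows client's join state from `dsregcmd /status` text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param(
        [Parameter(Mandatory)]
        [string[]] $StatusText      # lines of `dsregcmd /status` output
    )

    # Pick out the "Name : Value" fields that determine the join type.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DomainName)\s*:\s*(\S*)') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $fields['AzureAdJoined'] -eq 'YES'
    $dom = $fields['DomainJoined']  -eq 'YES'

    if     ($aad -and $dom) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aad)           { $joinType = 'Azure AD joined' }
    elseif ($dom)           { $joinType = 'Domain joined only (not hybrid)' }
    else                    { $joinType = 'Not joined' }

    [pscustomobject]@{
        JoinType   = $joinType
        DomainName = $fields['DomainName']
    }
}

# Constructed sample: a client whose OU is not (yet) in the sync scope.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

Get-JoinState -StatusText $sample       # JoinType: Domain joined only (not hybrid)

# On a live pilot client, feed the real command output instead:
# Get-JoinState -StatusText (dsregcmd /status)
```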
