join azure ad

Shahin Mortazave 486 Reputation points
2021-11-26T13:02:54.057+00:00

Hi guy's,

We want to setup Hybrid Joined Azure AD for our on-prem joined devices.
I have 2 questions regarding after setting up the hybrid Azure AD:

  1. does existing on-prem joined devices will also automatically joined to the Azure AD? or automatic join works only when joining a new device to on-prem AD?
  2. can we only join selected devices to the azure ad after the hybrid azure ad is setup? we want to run some test first.

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,386 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siva-kumar-selvaraj 15,546 Reputation points
    2021-11-26T16:40:17.167+00:00

    Hello @Shahin Mortazave ,

    When all prerequisites are met, windows devices will automatically register as devices in your Azure AD tenant. . Therefore, if you desire to test it for group of devices prior to activating it across the entire organization, you may use the "Controlled validation of hybrid Azure AD join" technique, which is outlined here.

    https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control

    I hope this was helpful.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments
  2. Alan Kinane 16,786 Reputation points MVP
    2021-11-26T14:19:09.667+00:00
    1. If all of the pre-requisites are in place then yes the devices will automatically sync to Azure AD through Azure AD connect so you would need to plan for this. See the implementation guide here for those pre-requisite requirements. https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
    2. Yes, see this article for a controlled validation process: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-control
    0 comments
  3. Shahin Mortazave 486 Reputation points
    2021-11-26T15:35:12.607+00:00

    @Alan Kinane Thanks for your reply,
    So if I understand correctly the already domain Joined PC's if match the pre-requisites will be joined to Azure AD automatically, what is unclear to me if the part of not joining all of the on-prem pc's at the same time to the Azure AD!
    Can we do this only by adding the group of users that can join their PC to azure ad to Devices | Device settings or we have to also remove the SCP and add those registries via group policy to machine that we want to be joined to the Azure AD? or it must be a combination of the two?

    Thanks

  4. Shahin Mortazave 486 Reputation points
    2021-11-30T11:42:36.047+00:00

    @sikumars-msft Thanks for your update,

    3 questions,

    1. should we add the registry keys to the PC that we want to add to azure ad with hybrid azure ad, is this correct?
    2. should we remove the SCP from on-prem AD before or after we configure the Hybrid Azure AD on our on-prem AAD. also there are not any negative effect when removing the SCP, correct?
    3. when the hybrid azure ad is enabled for all devices, what would happens to server 2016 and server 2019 server? does these also get registered with azure ad aw well?

    Thanks

  5. Marios Christodoulou 1 Reputation point
    2022-08-24T19:04:18.897+00:00
    1. Yes computers will automatically try to hybrid join once you enable it AD Connect. And each time a computers boot up will try to ad hybrid join.

    To manually join a computer you can run the command: dsregcmd /join /debug .

    To check status run :dsregcmd /status .

    The computer will need to be in the Azure Active Directory devices to be able to hybrid join. So you must sync devices and filter them out in AD Connect.

    1. One way of doing it is to sync a selected set of devices though OU filtering in AD Connect.

    Best,
    Marios.

    0 comments