Can I join a HAADJ device to another on-prem domain without breaking anything?

Michal Zyzak 31 Reputation points
2022-07-19T15:50:57.78+00:00

Hello.

We have on-prem forest with few domains, all synced to one tenant on Azure. We use autopilot for Windows 11 device deployments. We are using hybrid Azure domain join with Intune-SCCM co-management.
I'm curious if it is possible to use SCCM or other tool to join a device to another on-prem domain after it is deployed. In other words:

  1. A machine gets joined to on-prem domain (using offline domain join) and registered in Azure AD during Autopilot process.
  2. Later move it to another domain and reboot it.
    Will this work without breaking machine connection with AAD/Intune?

Thanks in advance!
MZ

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,654 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,082 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,721 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jason Sandys 31,121 Reputation points Microsoft Employee
    2022-07-19T18:36:33.523+00:00

    This will not work or be supported as you are fundamentally changing the device's identity and also break the HAADJ as this relies on AAD connect syncing the object to AAD. There is no graceful, supported path to do what you've asked about (or one that actually works to my knowledge). Also, keep in mind that even if this technically could work, you'd be orphaning the user's profiles so the value of doing this in-place is limited at best.

    The best, supported path here is to reprovision the endpoints and AADJ them (as we strongly discourage HAADJ for new endpoint provisoining).

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful