Question
Wednesday, April 22, 2020 1:06 PM
Hello Everyone,
I have a client that wants to remove all on-premises servers in the next 1 year. So we are looking at creating a high-level plan for him for just the desktops. I am curious whether anyone has connected AD Connect hybrid-joined machines, Azure Active Directory Domain Services and Intune all together. If so, have any issues come up?
My plan would be to add hybrid AD join to his existing AD Connect. If possible, then set up Azure Active Directory Domain Services, sync the users and set up the basic Intune policies he needs now. I am assuming with hybrid AD join the PCs will automatically be registered in Intune?
The next part would be that, as he replaces laptops, the new laptops will be joined straight to AADDS, no longer on the domain, and again I am assuming they will automatically be registered in Intune?
Thanks. Any flaws or experience you have would be appreciated.
All replies (3)
Thursday, April 23, 2020 2:24 AM ✅ Answered
Hello,
For the hybrid joined devices, you can enroll the devices in Intune by using GPO. After deploying the GPO, the devices can be enrolled in Intune automatically. You can learn more about GPO enrollment by clicking the following link.
/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
For the new laptops, when the laptops are joined to Azure AD, they can be enrolled in Intune automatically. Alternatively, you can use Autopilot enrollment, which gives a better user experience. For more details about the Intune enrollment methods, please click the following link.
/en-us/mem/intune/enrollment/enrollment-method-capab
By the way, for Azure AD Domain Services, only VMs deployed in Azure can be joined to AD DS. Desktops and laptops can only join Azure AD.
For more details about Azure AD DS and hybrid AD join, I would recommend submitting a new question on the Azure AD forum.
/answers/topics/azure-active-directory.html
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
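A way to confirm on a device that the hybrid join and the auto-enrollment GPO described in the answer above have taken effect, as an added example that is not part of the original thread. The function names and the sample text are constructed; the registry path and value names are assumed to be the ones written by the "Enable automatic MDM enrollment using default Azure AD credentials" policy.

```powershell
# Added example: function names and sample text are constructed for illustration.

function Get-JoinState {
    param([string[]]$DsregOutput)
    $state = @{}
    foreach ($line in $DsregOutput) {
        # dsregcmd prints "Name : Value" pairs; keep only the fields needed here.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|MdmUrl)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $aad = $state['AzureAdJoined'] -eq 'YES'
    $dom = $state['DomainJoined'] -eq 'YES'
    if ($aad -and $dom) { $join = 'Hybrid Azure AD joined' }
    elseif ($aad)       { $join = 'Azure AD joined' }
    elseif ($dom)       { $join = 'Domain joined only' }
    else                { $join = 'Not joined' }
    # MdmUrl is the enrollment endpoint the tenant advertises to this device.
    [pscustomobject]@{ JoinType = $join; MdmUrl = $state['MdmUrl'] }
}

function Get-MdmAutoEnrollPolicy {
    # Assumed location of the auto-enrollment policy values (see lead-in).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) {
        return [pscustomobject]@{ AutoEnrollMDM = $false; CredentialType = 'Not set' }
    }
    if ($p.UseAADCredentialType -eq 1)     { $cred = 'User' }
    elseif ($p.UseAADCredentialType -eq 2) { $cred = 'Device' }
    else                                   { $cred = 'Not set' }
    [pscustomobject]@{ AutoEnrollMDM = ($p.AutoEnrollMDM -eq 1); CredentialType = $cred }
}

# Constructed sample of the relevant `dsregcmd /status` lines, used when the
# script is not run on a Windows device.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc'
)

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $text = dsregcmd.exe /status
} else {
    $text = $sample
}
Get-JoinState -DsregOutput $text | Format-List
Get-MdmAutoEnrollPolicy | Format-List
```

A device that reports "Hybrid Azure AD joined" but has `AutoEnrollMDM` false has not yet received the GPO, so it will not enroll on its own.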
Wednesday, April 22, 2020 11:17 PM
From my understanding, Azure Active Directory Domain Services is just for joining Azure virtual machines to the domain.
You should just join the devices to Azure AD instead. When you replace laptops, you can use Autopilot to join the devices to Azure AD and have them enrolled and managed by Intune.
Thursday, May 14, 2020 1:05 AM
Hello,
To make the thread clear to read, I write a summary here:
Issue Symptom:
My plan would be to add hybrid AD join to his existing AD Connect. If possible, then set up Azure Active Directory Domain Services, sync the users and set up the basic Intune policies he needs now.
Solution:
For the hybrid joined devices, you can enroll the devices in Intune by using GPO. After deploying the GPO, the devices can be enrolled in Intune automatically. You can learn more about GPO enrollment by clicking the following link.
/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy
For the new laptops, when the laptops are joined to Azure AD, they can be enrolled in Intune automatically. Alternatively, you can use Autopilot enrollment, which gives a better user experience. For more details about the Intune enrollment methods, please click the following link.
/en-us/mem/intune/enrollment/enrollment-method-capab
By the way, for Azure AD Domain Services, only VMs deployed in Azure can be joined to AD DS. Desktops and laptops can only join Azure AD.
For more details about Azure AD DS and hybrid AD join, I would recommend submitting a new question on the Azure AD forum.
/answers/topics/azure-active-directory.html
Best regards,
Andy Liu