Updated 04/18/25: Based on customer feedback around challenges with setting up the connector with build 6.2501.2000.5, we have released an updated build with improved functionality and updated our tr...
Updated Apr 18, 2025
Version 5.0
Blog Post
Hello Intune team,
After deploying the new Intune Connector for Active Directory based on an sMSA, we have encountered an operational constraint.
Most of our customers operate a single forest with multiple child domains. With a single connector in the root domain, Autopilot devices enroll successfully in root domain OUs, yet fail to complete enrollment in the child domains. Documentation states that one connector is required per domain or child domain, which forces us to deploy and maintain several machines for a service that consumes minimal resources. This requirement increases licensing, infrastructure, and support costs—especially for small-sized organizations.
We would appreciate clarification on whether any supported method allows a single connector (or a single gMSA) to serve multiple child domains within the same forest, and whether there are short-term plans to introduce support for multi-host gMSAs or traditional service accounts.
Any official guidance you can provide will greatly assist us in planning service continuity and optimizing resources for our customers.
Thank you for your attention.
Hi RDBC
Thanks for sharing info about the issues, and we'd love to help where possible.
To clarify, we agree the current configuration does require a separate Intune Connector for each domain or child domain within a forest, and this is the expected behavior. Using a single connector or gMSA across multiple child domains isn’t officially supported, and the newer connector version retains this requirement to ensure secure and consistent operation.
While we understand that this is causing frustration and additional constraint, at this moment in time there isn’t a workaround that would enable cross-domain enrollment through a single connector, though moving to Entra join during Autopilot may help as this is our strongly recommended path.
If there's any further info you need, feel free to reach out to us via DM, and we'd be happy to help further.
Thanks!
Intune Support Team