Forum Discussion
Nimal1980
Jul 07, 2020 (Copper Contributor)
Migrating from Hybrid to pure Azure AD
We've currently got our domain/environment setup in a Hybrid AD. We've got a DC with AzureAD Connect installed and syncing to Azure. The plan is to uninstall AzureAD connect, demote the DC serve...
ChrisWebbTech
Jul 07, 2020
Biggest concern is if you have any on-prem servers (file shares / printers etc.) that would still need local creds. Also you're going to need, or probably want, to invest in a profile moving tool. This is a newer one that supports migrating to Azure AD. There is another, Profwiz, but I had issues with that; you can check this one as well: https://ppm.laplink.com/
This will make it less painful to migrate users; otherwise you will have to set up new profiles when joining to Azure.
If you are going to use Intune there are other considerations, as just joining them to Azure AD doesn't fully install the Intune management agent on the machine. Not sure if this has been fixed since we did our migration, but you used to have to completely put the machine in a reset state and join with the computer join experience in order to get this agent to install, which provided most of the GPO functionalities running as system etc.
Nimal1980
Jul 07, 2020 (Copper Contributor)
Thanks for the insights, ChrisWebbTech! Much appreciated. There aren't any plans to get them Intune managed, but it's in the pipeline. I guess I'll know soon enough if the problem you mentioned is fixed. Out of curiosity, when did you experience this problem? Was it recently, or years ago?
Cheers
Thijs Lecomte
Jul 08, 2020 (Bronze Contributor)
Be aware, if you join to AAD only and don't have Intune set up, there is no way to automatically enroll all of your computers in Intune.
I strongly advise to join to AAD and Intune at the same time.
Otherwise, the join to Intune has to be initiated locally by users who need local admin.
Nimal1980
Jul 08, 2020 (Copper Contributor)
I hadn't considered that, thanks for the insights. May need to reconsider our approach now.
ChrisWebbTech
Jul 07, 2020
Last year. But did a quick search; it's no longer an issue apparently.
https://oliverkieselbach.com/2017/11/29/deep-dive-microsoft-intune-management-extension-powershell-scripts/
"UPDATE: Intune In-Development announcement March 2020
PowerShell scripts support for BYOD devices. PowerShell scripts will support Azure AD registered devices in Intune. This functionality does not support devices running Windows 10 Home edition.
The workflow is basically like this. If a PowerShell script is assigned to a user group (device groups are not supported since 22nd of Oct.) and the agent is not installed, it will be pushed down automatically to the device via EnterpriseDesktopAppManagement CSP by Intune. Microsoft Intune network requirements and endpoints that must be reachable can be found here. This can be verified and traced in the "Advanced Diagnostics Report" of the MDM management."
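An added example (my code, not from any poster in this thread or from the quoted blog): a read-only PowerShell check to run on a workstation before and after the cutover, showing whether the device is still hybrid (domain joined), whether it is MDM enrolled, and whether the Intune Management Extension agent the thread discusses has actually been pushed down. It assumes `dsregcmd /status` output on Windows 10/11, the default IME service name and install path, and the hypothetical function name `Get-JoinReadiness`.

```powershell
# Added example: read-only device state check for an AAD-only migration.
# Assumptions: dsregcmd.exe is available (Windows 10/11), the Intune Management
# Extension service uses its default name IntuneManagementExtension and default
# install folder, and the function name Get-JoinReadiness is hypothetical.

function Get-JoinReadiness {
    # dsregcmd /status prints right-aligned "Key : Value" lines; keep the ones we need
    $status = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(AzureAdJoined|DomainJoined|MdmUrl|AzureAdPrt)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }

    $imeService = Get-Service -Name IntuneManagementExtension -ErrorAction SilentlyContinue
    $imePath = Join-Path ${env:ProgramFiles(x86)} 'Microsoft Intune Management Extension'

    [pscustomobject]@{
        AzureAdJoined   = ($status['AzureAdJoined'] -eq 'YES')
        DomainJoined    = ($status['DomainJoined'] -eq 'YES')   # still YES means hybrid, not pure AAD
        HasPrt          = ($status['AzureAdPrt'] -eq 'YES')     # signed-in user holds a Primary Refresh Token
        MdmEnrolled     = -not [string]::IsNullOrWhiteSpace($status['MdmUrl'])
        ImeInstalled    = (Test-Path $imePath)
        ImeServiceState = if ($imeService) { $imeService.Status.ToString() } else { 'NotInstalled' }
    }
}

$r = Get-JoinReadiness
$r | Format-List

# Interpretation, following the thread: AAD joined with no MDM URL means the device was
# joined without Intune, so enrollment now needs a local, admin-driven action; MDM enrolled
# but no IME means nothing (script or Win32 app assignment) has yet triggered the agent push.
if ($r.DomainJoined)                            { Write-Warning 'Still domain joined: this is hybrid, not pure Azure AD.' }
if ($r.AzureAdJoined -and -not $r.MdmEnrolled)  { Write-Warning 'AAD joined but not MDM enrolled.' }
if ($r.MdmEnrolled -and -not $r.ImeInstalled)   { Write-Warning 'MDM enrolled but Intune Management Extension not present yet.' }
```

Run it in an elevated session so Get-Service and the Program Files path are readable; it changes nothing on the device.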