Why no OUs in Azure AD
- Sep 07, 2017
Sadly, administrative units are good for nothing. They have so many limitations, they're practically just a "proof of concept". You will not be able to use them in Intune, or anything else for that matter.
And in general, if you want "traditional" desktop management, based on OUs/GPOs and so on, Azure AD and Intune are NOT the solution for it. AD DS might get closer, but personally I'd stick with good old proven methods...
AAD is flat from an organisational perspective, as opposed to AD - which dates back over 15 years now. Times have changed and groups are king.
You can use features like dynamic group membership to assign licenses and access to things, as well as groups that you would use in Intune.
I don't have a specific answer for you, but it does require you to change your thinking.
Hi Loryan,
Yes, we already heavily use groups for users. I'm using group-based licencing in Azure for our 365 synced accounts, which has been a godsend. I've been researching using Intune for devices, and even Office Docs suggests creating dynamic machine groups and deploy rings for management/updating of Win 10 devices. Maybe it's not suitable for desktops and is only applicable to a BYOD situation. More thinking/research to do...