Forum Discussion

hongwoo_jin's avatar
hongwoo_jin
Brass Contributor
Feb 08, 2021
Solved

Can anyone help fot setup of specific devices that is synced to hybrid azure ad join?

Hi, All Can anyone know how to setup hybrid azure ad join devices not all computers but specific computers? I tried to configure it that followed by Microsoft docs with select specific computer ou ...
Azure Active Directory (AAD)
microsoft 365
  • CoasterKaty's avatar
    CoasterKaty
    Feb 08, 2021

    hongwoo_jin You can configure specific PCs to hybrid join by using client side registry keys rather than setting up the hybrid join SCP in AADConnect - I use group policy preferences registry items to set these:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantId – REG_SZ – and set the value to your tenant ID (can be obtained from the Azure AD Overview screen)

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantName – REG_SZ – and set the value to your primary domain (again this can be seen on the Azure AD Overview screen).

hongwoo_jin's avatar
hongwoo_jin
Brass Contributor
Feb 08, 2021

CoasterKaty  You mean I don't need to select and activate hybird azure ad join into aad connect server? I just only set those two registry keys which you mentioned before, then does it automatically also change that status to hybrid azure ad joined without setting hybrid azure ad on aad connect server.

 

I hope please give a full guide to followup if you are ok? I'm confusing it with just that information.

 

Thx

hongwoo

CoasterKaty's avatar
CoasterKaty
MVP
Feb 08, 2021

hongwoo_jin Please ignore the message asking to you call a phone number as it's a scam, I've notified the moderators to get it removed.

  • hongwoo_jin's avatar
    hongwoo_jin
    Brass Contributor
    Feb 09, 2021

    CoasterKaty OK, Katy 

    I'll ignore that message which you mentioned.

     

    Some members mentioned it needs to edit inbound rules on editing synchronization rules in aad connect. Do you know that way? I'm confusing  how to edit it. 

     

    Thx

    Hongwoo

    • CoasterKaty's avatar
      CoasterKaty
      MVP
      Feb 09, 2021

      hongwoo_jin I've not had to edit anything - I made sure devices were being synced as well as users (so they should appear in Azure AD > Devices with a status of "Pending") and then set the two registry keys on the computers I wanted hybrid joined, ran dsregcmd /join and they hybrid joined. I've got 500 devices hybrid joined with this method (as our network configuration is incompatible with configuring hybrid join using AADConnect)

      • hongwoo_jin's avatar
        hongwoo_jin
        Brass Contributor
        Feb 13, 2021

        CoasterKaty 

        I cannot see any devices as pending status in azure active directory devices, 

        I created a domain controller then created o365 users syncing to o365 azure active directory using aad connect , then selected o365 users and speicific computer ou so that hybrid azure ad joined, I couldn't set hybrid azure ad join in aad connect. Can you give an advise to fix it?

        As you mentioned before, if I can see devices in azure active directory on m365 portal, let me make group policy with which you gave two registry. I think you did setup MDM , no?

         

        Thx

Resources