Forum Discussion
Can anyone help for setup of specific devices that is synced to hybrid Azure AD join?
- Feb 08, 2021
hongwoo_jin You can configure specific PCs to hybrid join by using client side registry keys rather than setting up the hybrid join SCP in AADConnect - I use group policy preferences registry items to set these:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantId – REG_SZ – and set the value to your tenant ID (can be obtained from the Azure AD Overview screen)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantName – REG_SZ – and set the value to your primary domain (again this can be seen on the Azure AD Overview screen).
CoasterKaty You mean I don't need to select and activate hybrid Azure AD join in the AAD Connect server? I only set those two registry keys which you mentioned before, then does it automatically also change that status to hybrid Azure AD joined without setting hybrid Azure AD on the AAD Connect server?
I hope please give a full guide to follow up if you are ok? I'm confused with just that information.
Thx
hongwoo
- CoasterKaty, Feb 08, 2021, MVP
hongwoo_jin Please ignore the message asking you to call a phone number as it's a scam, I've notified the moderators to get it removed.
- hongwoo_jin, Feb 09, 2021, Brass Contributor
CoasterKaty OK, Katy
I'll ignore that message which you mentioned.
Some members mentioned it needs to edit inbound rules on editing synchronization rules in AAD Connect. Do you know that way? I'm confused about how to edit it.
Thx
Hongwoo
- CoasterKaty, Feb 09, 2021, MVP
hongwoo_jin I've not had to edit anything - I made sure devices were being synced as well as users (so they should appear in Azure AD > Devices with a status of "Pending") and then set the two registry keys on the computers I wanted hybrid joined, ran dsregcmd /join and they hybrid joined. I've got 500 devices hybrid joined with this method (as our network configuration is incompatible with configuring hybrid join using AADConnect)
- CoasterKaty, Feb 08, 2021, MVP
hongwoo_jin You need to be syncing computer accounts as well as user accounts with Azure AD Connect Sync setup, but no, you don't need to configure hybrid domain join in AAD Connect, you just need those two registry keys on the Windows 10 devices you want to be hybrid joined. Once they're set it should auto join by itself and you can monitor this with dsregcmd /status on the client; if you don't want to wait for it you can run dsregcmd /join.
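
The client-side steps described in the replies above (set the two registry values, optionally run dsregcmd /join, then check dsregcmd /status), written out for a single test machine as an added example that is not part of the original thread or any poster's own script. The tenant ID and domain are constructed placeholders, the script assumes an elevated prompt, and in production the thread's approach of pushing the values with group policy preferences still applies.

```powershell
# Added example: targeted hybrid join via the client-side registry values from the thread.
# Placeholder values (constructed); replace with the ones from your Azure AD Overview screen.
$TenantId   = '00000000-0000-0000-0000-000000000000'   # placeholder tenant ID
$TenantName = 'contoso.example'                        # placeholder primary domain
$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD'

# Refuse to write a malformed tenant ID; a typo here leaves the device unable to find the tenant.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($TenantId, [ref]$parsed)) {
    throw "TenantId '$TenantId' is not a GUID"
}

# Create the key if it is missing, then set both REG_SZ values (safe to re-run).
if (-not (Test-Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}
New-ItemProperty -Path $KeyPath -Name 'TenantId'   -Value $TenantId   -PropertyType String -Force | Out-Null
New-ItemProperty -Path $KeyPath -Name 'TenantName' -Value $TenantName -PropertyType String -Force | Out-Null

# Optional: trigger the join now instead of waiting for the automatic attempt.
dsregcmd /join

# Parse the "Name : Value" lines of dsregcmd /status into a hashtable.
$status = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $status[$Matches[1]] = $Matches[2] }
}

# Hybrid joined = domain joined AND Azure AD joined; also confirm it joined the expected tenant.
[pscustomobject]@{
    DomainJoined  = $status['DomainJoined']
    AzureAdJoined = $status['AzureAdJoined']
    TenantId      = $status['TenantId']
    HybridJoined  = ($status['DomainJoined'] -eq 'YES') -and ($status['AzureAdJoined'] -eq 'YES')
    TenantMatches = $status['TenantId'] -eq $TenantId
}
```

If HybridJoined is still False, check that the computer account has synced and appears in Azure AD > Devices with a status of "Pending", as described in the thread.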