Forum Discussion

JE
Jan 05, 2022

AD Broken trust relationship

We are in a situation where our machines have a broken trust relationship. End users are not ready to come back to the office and the objects aren't in AD. Now we want to make them Hybrid AAD joined/Azure AD joined.

Is there a way to bring the machine back to domain?


  • You can get them back to the domain using a VPN connection to your office while the user is still working at home. Put them in a workgroup and rejoin them using VPN and TeamViewer; the machine will then receive policies when connected and will hybrid Azure AD join so that you can use the Intune functionality.

    Please be aware that when you use the Wipe option in Intune and you have a hybrid join profile, the machine must have a supported VPN connection when going through the Autopilot process, or it must be at the office (the machine must be able to connect to your domain controllers).
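The rejoin-over-VPN procedure described in the reply above, as an added PowerShell example that is not code from the thread or from any of its participants. It assumes you are signed in with a local administrator account (domain logon is unreliable once trust is broken), that the VPN is already up, and that `$Domain`, `$Ou` and the credential prompt are placeholders for your environment. It also tries the cheaper in-place repair first, which only works if the computer object still exists in AD; when it has been deleted (the situation in the original question) it falls through to the workgroup-and-rejoin path.

```powershell
# Added example (not from the thread): repair or re-establish domain trust on a
# remote machine over VPN. Run from an elevated session as a LOCAL admin.
$Domain = 'corp.example.com'                          # hypothetical domain
$Ou     = 'OU=Laptops,DC=corp,DC=example,DC=com'      # hypothetical target OU
$Cred   = Get-Credential -Message "Account allowed to join computers to $Domain"

# 1. Confirm a domain controller is reachable through the tunnel before touching anything.
if (-not (Test-NetConnection -ComputerName $Domain -Port 389 -InformationLevel Quiet)) {
    throw "No LDAP reachability to $Domain; connect the VPN first."
}

# 2. Healthy secure channel? Then there is nothing to fix.
if (Test-ComputerSecureChannel) {
    Write-Host 'Secure channel is healthy; nothing to do.'
    return
}

# 3. If the computer object still exists in AD, -Repair resets the machine account
#    password against a DC. No reboot and no workgroup bounce are needed.
$repaired = $false
try {
    $repaired = Test-ComputerSecureChannel -Repair -Credential $Cred -ErrorAction Stop
} catch {
    Write-Warning "In-place repair failed (object probably deleted from AD): $($_.Exception.Message)"
}
if ($repaired) {
    Write-Host 'Trust relationship repaired in place.'
    return
}

# 4. Object is gone: drop to a workgroup and rejoin, which creates a fresh computer
#    object in $Ou. This ends in a restart, so make sure the local admin password is
#    known and the VPN client connects before logon, or the remote session is lost.
#    If Add-Computer reports the machine is still domain-joined, restart between the
#    two steps instead of only at the end.
Remove-Computer -UnjoinDomainCredential $Cred -WorkgroupName 'WORKGROUP' -Force -PassThru
Add-Computer -DomainName $Domain -OUPath $Ou -Credential $Cred -Force -Restart
```

After the reboot the device picks up Group Policy over the VPN, including the hybrid Azure AD join settings, and registers with Intune once the device object has synced through Azure AD Connect.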
    • JE
      Thank you Harm_Veenstra, but I have more than 10k devices. Can the OEM provide hardware hashes by serial number so that we can try a wipe?
      • OK, that's an option, but is the user going to wipe the device? They are not in Intune now? How do you manage them now?

        You can Autopilot-deploy them if they are not in the office, using the OEM to get you the hardware hashes. Hybrid AAD join is more difficult because of the VPN requirement, but if you don't need that and just want them to join Azure AD/Intune... then it's easy 🙂
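For devices where the OEM cannot supply the hash by serial number, the hardware hash can be collected on the device itself and checked before it is uploaded to Intune. This is an added PowerShell example, not code from the thread or from any of its participants; it assumes an elevated session, reachability to the PowerShell Gallery, and that `$OutFile` is a placeholder path. The column names it checks are the ones the Intune Autopilot CSV import requires.

```powershell
# Added example (not from the thread): collect the Autopilot hardware hash with the
# Microsoft-published Get-WindowsAutoPilotInfo script and validate the CSV.
$OutFile = "$env:TEMP\autopilot-$env:COMPUTERNAME.csv"   # hypothetical output path

# Allow the gallery script to run in this session only, then install and run it.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
Install-Script -Name Get-WindowsAutoPilotInfo -Force
Get-WindowsAutoPilotInfo -OutputFile $OutFile

# The Intune import expects exactly these columns; fail here rather than after upload.
$expected = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
$rows     = @(Import-Csv -Path $OutFile)
$actual   = $rows[0].PSObject.Properties.Name
if (Compare-Object -ReferenceObject $expected -DifferenceObject $actual) {
    throw "Unexpected CSV header in ${OutFile}: $($actual -join ',')"
}

# A device without a hash cannot be registered; catch that before the batch is merged.
foreach ($r in $rows) {
    if ([string]::IsNullOrWhiteSpace($r.'Hardware Hash')) {
        throw "Empty hardware hash for serial $($r.'Device Serial Number')"
    }
}
Write-Host "$($rows.Count) device(s) ready for upload in $OutFile"
```

The per-device CSVs can be merged into one file for the Intune import, since the header is identical on every device; whether the profile then performs an Azure AD join or a hybrid join is decided by the Autopilot deployment profile, and only the hybrid case needs the VPN or on-site domain controller reachability mentioned earlier in the thread.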
