Forum Discussion

Iron Contributor

Mar 25, 2020

Controlled validation of hybrid Azure AD join

Hi All Not sure if this should be here or in the Azure AD section. I'm looking to implement a Controlled validation of Hybrid Azure AD Join / Auto enrollment in Intune via GPO, using the MS g...

Intune

mobile device management (mdm)

StuartK73

Iron Contributor

Mar 27, 2020

Thijs Lecomte

Hi Buddy

What I would like to do is:

Hybrid Azure AD Join my devices in my TEST / PILOT / UAT group only
Once successful
Apply to the whole on-premise AD domain / devices

Regards

Thijs Lecomte

Bronze Contributor

Mar 27, 2020

StuartK73

This is the way I do it:

- Create GPO with registry edits and apply to test OU

- If succesfull, delete GPO

- Assign domain wide policy through AAD connect (https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains)

BTW: best make sure all the computers are W10 1803 in order to avoid dual state (https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan#review-controlled-validation-of-hybrid-azure-ad-join)

StuartK73
Iron Contributor
Mar 28, 2020
Thijs Lecomte

Hi Buddy

So the process would be:

Controlled Hybrid Azure AD Join on Test OU
Then once successful
Configure AADC

In essence, DO NOT TOUCH AADC until Controlled Hybrid Azure AD Join is verified OK?

Regards
- Thijs Lecomte
  Bronze Contributor
  Mar 30, 2020
  StuartK73 that's correct 🙂
  
  let me know how it goes!
  - StuartK73
    Iron Contributor
    Apr 06, 2020
    Thijs Lecomte
    
    Sorry, I did mention before about applying the Controlled Hybrid GPO to the test OU BEFORE touching AADC, but I assume the TEST OU must be included in the AADC sync with the syncing of devices as per below?