Forum Discussion
Matthias_Hei thanks for the advice.
However, it seems the Hybrid Join Skip process prevents you logging onto the machine until such a time that the AD DC is in line of sight and you log on using the internal AD DC account.
Here is my scenario,
- Machine is provisioned using the Hybrid Join Skip AD connectivity check, the machine is at a remote location with NO line of sight access to the DC.
- The machine is provisioned using the Autopilot process, the account used is the device enrolment manager account.
- The deployment process proceeds with no reported issues. Applications, configurations, policies etc. are deployed.
- Upon logon, the logon screen displays that the logon is to the internal AD Domain. (This is not possible at the moment as there is NO direct line of sight to the DC)
- Changed the account to log on using the account used to deploy the device. (We can't sign you in with this credential because your domain isn't available) This is an O365 account! used to deploy the Autopilot profile.
Established VPN connectivity into the internal domain so the DC is now in line of sight.
- Can logon to the device using the internal domain credentials
- NOT able to logon to the device using the device management account used to deploy the device.
- Upon logon with the internal domain account the Autopilot provisioning process appears to begin again, although it supposedly had finished prior to enabling logon to the device.
Maybe I am doing something completely wrong here, however, I would have thought the device would have completed the original deployment connected AADJ, therefore being able to log on to the device using an O365 account, not an internal AD Domain account, as this may not be accessible at the time the device is deployed.
Maybe a bug or maybe my process is wrong.
Look forward to some sage advice...
Thanks
Sounds ok to me what you described.
You first see the Device ESP and then you are asked to log on, but with an on-premise AD account and with VPN. The device is at this stage actually a normal AD machine that is registered for Hybrid AD, but that doesn't mean you can log on with a pure Azure AD account.
After logon the user ESP runs, and there is also now the waiting time till the machine AD account is synced up into AAD and successfully registered for Hybrid AD join.
Only then the desktop opens up for access.
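
The join states described in the reply above can be checked on the device itself. The following is an added example, not part of the original thread: it classifies the state from `dsregcmd /status` output, assuming the `DomainJoined` and `AzureAdJoined` fields that the tool reports. The function name `Get-JoinState` and the sample output are constructed for illustration.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # Collect "Key : Value" pairs; dsregcmd indents keys with leading spaces.
    # Section banner lines start with "|" or "+" and are skipped by the regex.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $domain = $fields['DomainJoined']  -eq 'YES'
    $aad    = $fields['AzureAdJoined'] -eq 'YES'

    if ($domain -and $aad) { 'HybridJoined' }       # machine account synced and registered
    elseif ($domain)       { 'DomainJoinedOnly' }   # plain AD machine, still waiting on sync
    elseif ($aad)          { 'AzureAdJoinedOnly' }
    else                   { 'NotJoined' }
}

# Constructed sample: a device right after the Device ESP, before its
# AD computer account has been synced up and registered.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample

# On a live device, feed the real output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```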