Forum Discussion
Intune Connector installation - Hybrid Azure AD Join
Hi
I would like to know whether the Intune Connector that needs to be installed should be installed on separate servers or should it be installed on the domain controllers?
Thank you
- DurranteBrass ContributorHey, it can be installed on DC's and non-DC's, however, your org may not allow installations on DC's so best check your policies. But from a functional level, it doesn't really matter other than your connector must be located fairly close to your DC's so latency isn't an issue. See more: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid#before-you-begin
- oryxway390Brass Contributor
Durrante Thanks Durrante. It looks like Hybrid Azure AD join is only possible with a VPN connectivity? Is that true? Without VPN remote devices would not be joining?
So, I moved to Azure AD join and I am getting an error and this is the error in User Device Registration event log
Next, Is there any enrollment restrictions that could be causing the problem or conditional access?
I see that in the device settings it has around 20 and only couple of users who have permissions to join the domain. Could this 20 devices restrictions causing this issue?
- DurranteBrass ContributorYes, connectivity to your domain controllers is needed.
With your 2nd issue, I would suggest looking at your Azure AD device joining permissions and your MDM enrolment user scopes.
- KurtBMayerSteel Contributor
Another thing to consider is proximity placement with the ODJ Connector. If you have multiple AD sites and are running Autopilot joins at each site, you should place a connector on a server at each site. This improves the response time for the domain join. If the connector is on the DC or on the same subnet as a DC, it'll likely respond faster. Similarly, keeping it close to AD Connect also reduces the sync cycle latency when it replicates the information to Azure AD, thus helping Autopilot to complete sooner.
Please like or mark this thread as answered if it's helpful, thanks!