Forum Discussion
Device Status when enrolled - Error
- Aug 10, 2022
oryxway, there's a lot that may be going awry here. Your screenshots show issues with hybrid join and app deployment.
- Assuming you're trying to hybrid join here (as that's what that configuration profile is for), may we also assume you've set up hybrid join in your AAD following these docs?
  https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join
- Assuming this screenshot shows the device status for the "Domain Join" profile, can you see any other details when you click on the error row?
- This screenshot seems to show app installations. That's completely unrelated, in my opinion, but it does make me suspect there are some other things that may be misconfigured.

I suggest you troubleshoot things one step at a time, making sure each element works before adding the next.
- oryxway, Aug 10, 2022, Iron Contributor
My concern is that when I enable this in Azure AD Connect (which is not enabled), will it affect all the devices OnPrem?
We are only wanting the new OOBE devices joining the Hybrid Azure AD.
- NielsScheffers, Aug 10, 2022, Iron Contributor
AADConnect will not affect your existing, on-prem devices (unless you tell it to do so).
Are you sure you need to hybrid join, though? I would suggest you simply try to work with AAD joined devices, and only start looking into hybrid joining if you really need to.
- oryxway, Aug 10, 2022, Iron Contributor
NielsScheffers, the MGMT does not want to do Azure AD for some reason as we have lots of apps that we know how it would work as that needs a big planning on our part. So, for now they want it to be Hybrid AAD.
So, should I enable it in AD Connect even though I have an Intune Connector installed separately for this Hybrid Azure AD? If enabling it in AD Connector is what is going to do it, then why would we need Intune Connector? I am sorry, I am kind of not sure why it is separate.
So, that is why I am doing this. I also noticed that in the Computer OU where the machines are going to be joined, I delegated the permissions as per this document:
https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid
Unfortunately, when I went and saw the Object and viewed the security part of it, I see that it has only special permissions and not Full permissions as per this document. I have assigned Full permissions as per the document for these two Intune Connectors. So, I am wondering whether I should enable full permissions here.
This is what I saw when I went to the permissions security on the OU and I see nothing applied. I have enabled full now and I am going to try it.
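
Added example, not part of any post in this thread: a read-only PowerShell check that lists what the Intune Connector server's computer account is granted on the target OU, and which object class each entry is scoped to, in more detail than the basic Security tab shows. The OU distinguished name and connector host name are placeholders, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example. $OuDn and $ConnectorHost are placeholders, not values from the thread.
Import-Module ActiveDirectory                     # RSAT module; provides the AD: drive
Add-Type -AssemblyName System.DirectoryServices   # for the ActiveDirectoryRights enum

$OuDn          = 'OU=AutopilotDevices,DC=example,DC=com'
$ConnectorHost = 'INTUNE-CONN01'

# Look up the schema GUID of the "computer" class so ACEs scoped to it can be recognised.
$schemaNc     = (Get-ADRootDSE).schemaNamingContext
$computerGuid = [guid](Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(lDAPDisplayName=computer)' -Properties schemaIDGUID).schemaIDGUID

$connectorSid = (Get-ADComputer -Identity $ConnectorHost).SID

# Read the OU's DACL with identities returned as SIDs (explicit and inherited entries).
$acl  = Get-Acl -Path "AD:\$OuDn"
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference -eq $connectorSid }

if (-not $aces) {
    Write-Warning "No ACEs for $ConnectorHost on $OuDn"
    return
}

# Turn an ACE's class GUID into a readable label.
function Get-ClassLabel([guid]$Guid) {
    if ($Guid -eq [guid]::Empty) { return 'any class' }
    if ($Guid -eq $computerGuid) { return 'computer' }
    return $Guid.ToString()
}

$report = foreach ($ace in $aces) {
    [pscustomobject]@{
        Type        = $ace.AccessControlType
        Rights      = $ace.ActiveDirectoryRights
        FullControl = $ace.ActiveDirectoryRights.HasFlag(
                          [System.DirectoryServices.ActiveDirectoryRights]::GenericAll)
        ObjectType  = Get-ClassLabel $ace.ObjectType           # class, attribute or right targeted
        AppliesTo   = Get-ClassLabel $ace.InheritedObjectType  # class of object that inherits the ACE
        Inheritance = $ace.InheritanceType
        Inherited   = $ace.IsInherited
    }
}
$report | Format-Table -AutoSize
```

A row with `FullControl` true and `AppliesTo` showing `any class` means the connector account holds full control over every object type in the OU, not only computer objects.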