Sync Windows 10 machines to AAD - where do we see them?

David Machula
Occasional Contributor

When I sync users to AAD I can see them in Azure portal:

Azure Active Directory | Users

I understood you can sync Windows 10 devices to AAD.

If that is exact, how would you know if they are synced or not?

Recently synced users appear in the location indicated above and we can also see them in the MS 365 Admin Center (Users | Active Users).

The only Windows 10 machines we can see in Azure Active Directory | Devices are those that were registered manually by the users.

Thanks in advance for your assistance.

3 Replies

There is a setting in AADConnect (and also a PowerShell script that can be run) to enable this (it is called "hybrid Azure AD joining"). Basically tells Azure that these computers exist in your On-Prem AD.

 

The place we look is in Azure Portal, Home > Microsoft Intune > Azure AD Devices

You can also get there at Azure Portal > Azure Active Directory > Devices

 

You'll see two entries for each computer if you've done it right under Join Type, 1 for the "Azure AD Registered", and 1 for the "Hybrid Azure AD Joined".  We've never been able to figure out how to merge them into the same entry.

 


Hi, hybrid joined devices and also synchronized devices will be shown at AAD -> Devices, or you can use PowerShell: Get-AzureADDevices

 

They are not shown on myapps.microsoft.com for example as they are not joined by a user, instead by the computer account itself.

Synced devices will normally show like MYPC03$, while this changes when the hybrid join by the device takes place (dsregcmd.exe); then it will be renamed MYPC03.

 

Older device entries (Workplace Joined) cannot be merged with the hybrid joined devices; you can just remove them because they will not be used any more.

To identify if a device is currently used, check the proximateLastLogin attribute on the PowerShell output.

 

/Peter
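
The following PowerShell function is an added example, not code from the thread: it applies the checks described in the replies above to device objects shaped like the output of `Get-AzureADDevice` (AzureAD module), labelling the join type from `DeviceTrustType`, flagging names that still end in `$`, and marking entries stale from `ApproximateLastLogonTimeStamp`. The function name, the 90-day threshold and the sample devices are assumptions constructed for the example.

```powershell
# Added example: triage Azure AD device entries by join type and last activity.
function Get-DeviceTriage {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [int] $StaleDays = 90,            # assumed threshold, adjust to policy
        [datetime] $Now = (Get-Date)
    )
    # Group entries for the same machine; ignore the trailing '$' and case.
    $Devices | Group-Object { $_.DisplayName.TrimEnd('$').ToUpper() } | ForEach-Object {
        $entries   = $_.Group
        $hasHybrid = [bool]($entries | Where-Object DeviceTrustType -eq 'ServerAd')
        foreach ($d in $entries) {
            # DeviceTrustType values mapped to the portal's "Join Type" column.
            $joinType = switch ($d.DeviceTrustType) {
                'ServerAd'  { 'Hybrid Azure AD joined' }
                'Workplace' { 'Azure AD registered' }
                'AzureAd'   { 'Azure AD joined' }
                default     { 'Unknown' }
            }
            $last  = $d.ApproximateLastLogonTimeStamp
            # No timestamp at all is treated as stale.
            $stale = (-not $last) -or (($Now - $last).TotalDays -gt $StaleDays)
            $note  = if ($d.DisplayName.EndsWith('$')) {
                'synced, hybrid join not completed'
            } elseif ($d.DeviceTrustType -eq 'Workplace' -and $hasHybrid) {
                'duplicate of hybrid entry, removal candidate'
            } else { '' }
            [pscustomobject]@{
                Name = $d.DisplayName; JoinType = $joinType
                LastLogon = $last; Stale = $stale; Note = $note
            }
        }
    }
}

# Constructed sample objects (not real tenant data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'MYPC03'; DeviceTrustType = 'ServerAd'
                       ApproximateLastLogonTimeStamp = [datetime]'2018-09-20' }
    [pscustomobject]@{ DisplayName = 'MYPC03'; DeviceTrustType = 'Workplace'
                       ApproximateLastLogonTimeStamp = [datetime]'2018-03-01' }
    [pscustomobject]@{ DisplayName = 'MYPC07$'; DeviceTrustType = 'ServerAd'
                       ApproximateLastLogonTimeStamp = $null }
)
Get-DeviceTriage -Devices $sample -Now ([datetime]'2018-09-21') | Format-Table -AutoSize
```

Against a live tenant, run `Connect-AzureAD` first and pass `(Get-AzureADDevice -All $true)` as `-Devices`.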

 

Thanks Brent. I noticed an optional feature like that when I ran the AAD Connect configuration tool. Does the option you suggest imply that write-back (to onsite AD) is enabled?
