cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Windows Server and Hybrid Join

notyouraverageadmin
Copper Contributor

‎Apr 28 2022 03:45 PM

‎Apr 28 2022 03:45 PM

Windows Server and Hybrid Join

Almost all discussion about AAD Hybrid Join is directed toward Windows 10 and Windows 11.  There really isn't much discussion about Windows Server.  I believe I read that Windows 10 1803+ will automatically locate the SCP in Active Directory and immediately attempt to Hybrid Join.  Is this also the case for at least some Windows Server versions?  We have done a targeted AADHJ deployment to our Windows 10 systems, and are at 100%.  We are now ready to add the SCP to our AD domain so that all new Windows 10 systems will detect and Hybrid Join.  However, we're worried that Windows Servers might also locate the SCP and attempt to Hybrid Join.  Can anyone direct me to a Windows Server-oriented discussion of the SCP in AD?

2,860 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by notyouraverageadmin (Copper Contributor)
LainRobertson

‎May 04 2022 02:46 AM

‎May 04 2022 02:46 AM

Solution

Re: Windows Server and Hybrid Join

@notyouraverageadmin 

 

I can't find a discussion that provides the explicit, unambiguous confirmation you're hoping to find.

 

That said - and I realise this is ambiguous, all the literature does read as though Windows 2016 and above will indeed discover the SCP and perform a hybrid join if possible.

 

Anecdotally, I can at least confirm that the Server 2019 Standard virtual guests on an on-premise hypervisor (i.e. I've deliberately stayed away from the Azure IaaS guests as it's pretty much a given they're hybrid-joined) have indeed registered with Azure AD. I've confirmed this on both ends (on-premise and in Azure AD via Get-MgDevice.)

 

As I say, that's anecdotal, but it conforms to the behaviour outlined in a number of the official Microsoft articles from docs.microsoft.com that do at least explicitly reference the relevant client and server versions in the same sentence.

 

If you're looking to prevent automatic joining, the only documented method I'm aware of is the BlockAADWorkplaceJoin registry key outlined in:

 

Plan your hybrid Azure Active Directory join deployment | Microsoft Docs

 

Cheers,

Lain

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by notyouraverageadmin (Copper Contributor)
LainRobertson

‎May 04 2022 02:46 AM

‎May 04 2022 02:46 AM

Solution

Re: Windows Server and Hybrid Join

@notyouraverageadmin 

 

I can't find a discussion that provides the explicit, unambiguous confirmation you're hoping to find.

 

That said - and I realise this is ambiguous, all the literature does read as though Windows 2016 and above will indeed discover the SCP and perform a hybrid join if possible.

 

Anecdotally, I can at least confirm that the Server 2019 Standard virtual guests on an on-premise hypervisor (i.e. I've deliberately stayed away from the Azure IaaS guests as it's pretty much a given they're hybrid-joined) have indeed registered with Azure AD. I've confirmed this on both ends (on-premise and in Azure AD via Get-MgDevice.)

 

As I say, that's anecdotal, but it conforms to the behaviour outlined in a number of the official Microsoft articles from docs.microsoft.com that do at least explicitly reference the relevant client and server versions in the same sentence.

 

If you're looking to prevent automatic joining, the only documented method I'm aware of is the BlockAADWorkplaceJoin registry key outlined in:

 

Plan your hybrid Azure Active Directory join deployment | Microsoft Docs

 

Cheers,

Lain

View solution in original post

1 Like
Reply