Unable to Hybrid Join computers

Jeremy160 · ‎Jul 04 2021

Hi there,

We have a 2016 std server that runs AAD connect, it syncs users and password hash to 365 and this all works fine. Most of the computers appear in 365 as "Azure AD Registered", however we want them to be Hybrid Joined so that we can manage them with Intune.

We have followed the guides on setting this up, made the 2 x CNAME, used the GPO to push out the settings (confirmed its working on the computers), however none of them are joining.

I am seeing some errors

- On the computers in the properties > Attribute Editor > UserCertificate it is not generating a cert

- When i run sregcmd /status on a computer, I am seeing errors such as the devices does not exist in Azure

- Looking at AAD Sync - if i run the powershell troubleshooter I see the following - I get Successful for "is found in AD Connector Space -", "is found ni Metaverse" - I get the error for "is not found in AAD connector space"

- This then lead me to the 3 rules as it was not meeting the requirements and so i disabled them all, but its not working as if it does not have a certificate then it wont sync, effectivly the Device JoinSOAInAD, Device STKKey

I think i am missing something here but cant seem to figure it out!

boneyfrancis · ‎Jul 06 2021

Hi @Jeremy160,

To begin with, the difference between the various options are explained here: https://docs.microsoft.com/answers/storage/attachments/19291-image.png
What you’re apparently looking for is converting from #4 to #2. Unfortunately there may not be an easy way around this, the devices may need to be disjoined and rejoined- AFTER Hybrid Azure AD is properly configured. Regarding the errors you’re seeing, it’d best to open a support ticket with MSFT on the same.

Products (65)

Special Topics (44)

Video Hub (978)

Most Active Hubs

Most Active Hubs

Video Hub

Unable to Hybrid Join computers

Unable to Hybrid Join computers

Re: Unable to Hybrid Join computers