Feb 07 2021
- last edited on
Jan 14 2022
Can anyone know how to setup hybrid azure ad join devices not all computers but specific computers?
I tried to configure it that followed by Microsoft docs with select specific computer ou which own its computer ou to change hybrid azure ad join, but in this case all computers has changed to hybrid azure ad join , that is not my option, so anyone who knows how to configure hybrid azure ad join for specific computers, please give me guide.
Feb 07 2021 07:30 PMSolution
@hongwoo_jin You can configure specific PCs to hybrid join by using client side registry keys rather than setting up the hybrid join SCP in AADConnect - I use group policy preferences registry items to set these:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantId – REG_SZ – and set the value to your tenant ID (can be obtained from the Azure AD Overview screen)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD\TenantName – REG_SZ – and set the value to your primary domain (again this can be seen on the Azure AD Overview screen).
Feb 08 2021 02:53 AM
@CoasterKaty You mean I don't need to select and activate hybird azure ad join into aad connect server? I just only set those two registry keys which you mentioned before, then does it automatically also change that status to hybrid azure ad joined without setting hybrid azure ad on aad connect server.
I hope please give a full guide to followup if you are ok? I'm confusing it with just that information.
Feb 08 2021 06:47 AM
@hongwoo_jin You need to be syncing computer account as well as user accounts with Azure AD Connect Sync setup but no you don't need to configure hybrid domain join in AAD Connect, you just need those two registry keys on the windows 10 devices you want to be hybrid joined. Once they're set it should auto join by itself and you can monitor this with dsregcmd /status on the client, if you don't want to wait for it you can run dsregcmd /join.
Feb 08 2021 06:57 AM
@hongwoo_jin Please ignore the message asking to you call a phone number as it's a scam, I've notified the moderators to get it removed.
Feb 08 2021 07:41 PM
@CoasterKaty OK, Katy
I'll ignore that message which you mentioned.
Some members mentioned it needs to edit inbound rules on editing synchronization rules in aad connect. Do you know that way? I'm confusing how to edit it.
Feb 09 2021 02:46 AM
@hongwoo_jin I've not had to edit anything - I made sure devices were being synced as well as users (so they should appear in Azure AD > Devices with a status of "Pending") and then set the two registry keys on the computers I wanted hybrid joined, ran dsregcmd /join and they hybrid joined. I've got 500 devices hybrid joined with this method (as our network configuration is incompatible with configuring hybrid join using AADConnect)
Feb 12 2021 06:42 PM - edited Feb 13 2021 01:17 AM
I cannot see any devices as pending status in azure active directory devices,
I created a domain controller then created o365 users syncing to o365 azure active directory using aad connect , then selected o365 users and speicific computer ou so that hybrid azure ad joined, I couldn't set hybrid azure ad join in aad connect. Can you give an advise to fix it?
As you mentioned before, if I can see devices in azure active directory on m365 portal, let me make group policy with which you gave two registry. I think you did setup MDM , no?
Mar 07 2021 07:57 PM