Forum Discussion

notyouraverageadmin's avatar
notyouraverageadmin
Brass Contributor
Apr 28, 2022

Windows Server and Hybrid Join

Almost all discussion about AAD Hybrid Join is directed toward Windows 10 and Windows 11.  There really isn't much discussion about Windows Server.  I believe I read that Windows 10 1803+ will automa...
Active Directory (AD)
Azure Active Directory (AAD)
Azure AD Connect
Azure AD Domain Services
Identity Management
  • LainRobertson's avatar
    LainRobertson
    May 04, 2022

    notyouraverageadmin 

     

    I can't find a discussion that provides the explicit, unambiguous confirmation you're hoping to find.

     

    That said - and I realise this is ambiguous, all the literature does read as though Windows 2016 and above will indeed discover the SCP and perform a hybrid join if possible.

     

    Anecdotally, I can at least confirm that the Server 2019 Standard virtual guests on an on-premise hypervisor (i.e. I've deliberately stayed away from the Azure IaaS guests as it's pretty much a given they're hybrid-joined) have indeed registered with Azure AD. I've confirmed this on both ends (on-premise and in Azure AD via Get-MgDevice.)

     

    As I say, that's anecdotal, but it conforms to the behaviour outlined in a number of the official Microsoft articles from docs.microsoft.com that do at least explicitly reference the relevant client and server versions in the same sentence.

     

    If you're looking to prevent automatic joining, the only documented method I'm aware of is the BlockAADWorkplaceJoin registry key outlined in:

     

    Plan your hybrid Azure Active Directory join deployment | Microsoft Docs

     

    Cheers,

    Lain

LainRobertson's avatar
LainRobertson
Silver Contributor
May 04, 2022

notyouraverageadmin 

 

I can't find a discussion that provides the explicit, unambiguous confirmation you're hoping to find.

 

That said - and I realise this is ambiguous, all the literature does read as though Windows 2016 and above will indeed discover the SCP and perform a hybrid join if possible.

 

Anecdotally, I can at least confirm that the Server 2019 Standard virtual guests on an on-premise hypervisor (i.e. I've deliberately stayed away from the Azure IaaS guests as it's pretty much a given they're hybrid-joined) have indeed registered with Azure AD. I've confirmed this on both ends (on-premise and in Azure AD via Get-MgDevice.)

 

As I say, that's anecdotal, but it conforms to the behaviour outlined in a number of the official Microsoft articles from docs.microsoft.com that do at least explicitly reference the relevant client and server versions in the same sentence.

 

If you're looking to prevent automatic joining, the only documented method I'm aware of is the BlockAADWorkplaceJoin registry key outlined in:

 

Plan your hybrid Azure Active Directory join deployment | Microsoft Docs

 

Cheers,

Lain

Resources