Autopilot as Hybrid AD Join on a new fresh computer


Dear all,

I am working in a hybrid environment (Azure AD, AD Connect, on-premises AD, Intune Connector), and I am able to "autopilot" a used computer using a hybrid AD Join deployment profile and it's working very well... Windows is installed and the computer is integrated into our on-premises domain...

The problem is...
When I try to "autopilot" a new fresh computer (Windows 10 not installed yet), I am able to register the computer in Autopilot using the PowerShell command "get-windowsAutopilotinfo.ps1 -online", and the computer also appears in the group linked to the hybrid profile, but the installation of the computer is done as Azure AD Join and not as Hybrid AD Join...

Is there any way to Hybrid AD Join a new fresh computer instead of Azure AD Join?

Many thanks for your help

5 Replies

Hi @samppp,

First of all, I want to give you some advice: go for an Azure AD joined device. There are very few reasons to enroll your device as hybrid. On-premises services can be used if you set up AD Connect correctly and the root certificate is installed on your device.

But back to your problem.

Did you get the "Welcome to your organization" screen during enrollment, or "Welcome to Microsoft"? If yes, it looks like you don't have an Autopilot profile assigned.

If you get the "Welcome to your organization" screen and you log on with your corp credentials and after the enrollment your device is Azure AD joined, you have to check your Autopilot profile, because I think it is configured for Azure AD joined instead of hybrid AD joined.

Please let me know if this helps you find out why your device is Azure AD joined after enrollment.

Kind regards,

Rene

Dear Rene,

Thank you very much for your reply and your advice regarding Azure AD Join.
I am also considering going this way.

Regarding your question, I do get "Welcome to our Company" during the installation of Windows.
I can log in using my account (with Intune licence)...

My Autopilot profile is working very well with a used computer: after the login and setup step, my computer is directly integrated into the on-premises domain.
The problem is on a new fresh laptop (just unboxed): the computer is not integrated into the domain and appears in the Azure AD portal as Azure AD joined.
During the first Autopilot process on a new laptop, I can see, after registration of the computer in Autopilot, that no profile is assigned to the computer... then the state changes to updating, and once I have logged in to Windows 10 for the first time, the state of the profile switches to assigned... This means that after my first Autopilot process is completed, if I reset the computer, my Hybrid Join profile will be applied to the computer and it will be integrated into the on-premises domain.

Any advice?

Thanks again Rene, and sorry for my bad English


Hi @samppp,

Hopefully I understand it correctly: your hybrid Autopilot profile is working, but only after the first enrollment to Azure AD and a reset.

After you have uploaded the hardware hash, you have to wait until the profile is assigned. This can take some time. After the status has changed from assigning to assigned, you can start the enrollment. And on a brand-new device you will get the "Welcome to your organization" screen.

Is it still not working after the status has changed to assigned? Can you share some configuration to be sure? Can you post a screenshot of your login screen on new devices and a screenshot of your Autopilot profile configuration?

 

kind regards,

 

rene 
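
The wait described in the reply above can be scripted from an admin workstation before the new device is powered on; this is an added example, not part of the original thread. It assumes the Microsoft.Graph.Authentication module, the Graph beta Autopilot endpoint and its property names, and a placeholder serial number; the function name Wait-HybridAutopilotProfile is hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example (not from the thread): wait until an Autopilot profile is assigned
# and confirm it is a hybrid join profile before starting OOBE on the new device.
# Assumptions: Graph beta endpoint/property names; serial number is a placeholder.
function Wait-HybridAutopilotProfile {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SerialNumber,
        [int]$TimeoutMinutes = 60,
        [int]$PollSeconds = 60
    )
    $base = 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities'
    $hybridType = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile'
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)

    while ((Get-Date) -lt $deadline) {
        # The hardware hash must already be uploaded for the lookup to succeed.
        $uri = "${base}?`$filter=contains(serialNumber,'$SerialNumber')"
        $device = (Invoke-MgGraphRequest -Method GET -Uri $uri).value | Select-Object -First 1
        if (-not $device) { throw "Serial $SerialNumber is not registered in Autopilot." }

        $status = $device.deploymentProfileAssignmentStatus
        Write-Host "$(Get-Date -Format T) assignment status: $status"
        if ($status -eq 'failed') { throw 'Profile assignment failed.' }

        if ($status -like 'assigned*') {
            # Fetch the assigned profile and check its join type.
            $detail = Invoke-MgGraphRequest -Method GET `
                -Uri "$base/$($device.id)?`$expand=deploymentProfile"
            $assigned = $detail.deploymentProfile
            return [pscustomobject]@{
                SerialNumber = $SerialNumber
                Status       = $status
                ProfileName  = $assigned.displayName
                IsHybridJoin = ($assigned.'@odata.type' -eq $hybridType)
            }
        }
        Start-Sleep -Seconds $PollSeconds
    }
    throw "No profile assigned to $SerialNumber within $TimeoutMinutes minutes."
}

Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All'
$result = Wait-HybridAutopilotProfile -SerialNumber 'PLACEHOLDER-SERIAL'
if (-not $result.IsHybridJoin) {
    Write-Warning "Profile '$($result.ProfileName)' is not a hybrid join profile."
}
$result
```

Starting OOBE only after this returns with IsHybridJoin set to True avoids the first enrollment completing without the hybrid profile.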

 

 

 

Dear Rene,

I will test what you said and keep you informed.

Thanks again, Rene

samppp - I am happy that you were able to successfully join the machine to Hybrid AD. I get stuck when it is trying to get the ODJ Blob file and it says there is no connectivity. Did you install the Intune Connector on the domain controller or on separate servers? We have it on separate servers and I am not sure whether this is the problem.

I get the error message "SOMETHING WENT WRONG" with error code 80004005

Did it complete the process of enrolling the device and joining to the domain and then allowing you to log back in? I do not get there at all.