Aug 09 2022 10:42 AM
I have a couple of questions.
1. I have defined the Configuration Profile for the Domain Join profile and specified the
Computer name prefix -
Domain Name
Organizations Unit
But it seems not to be joining the domain, and it is not taking the prefix; instead it is giving its own prefix as DESKTOP-blahblah.
2. Under All devices it shows Error under "DEPLOYMENT STATUS". What am I doing wrong here?
3. It was showing as "Waiting for Install status".
Aug 10 2022 02:02 AM - edited Aug 10 2022 02:03 AM
@oryxway, there's a lot that may be going awry here. Your screenshots show issues with hybrid join and app deployment.
I suggest you troubleshoot things one step at a time, making sure each element works before adding the next.
Aug 10 2022 03:46 AM
Aug 10 2022 04:51 AM
AADConnect will not affect your existing, on-prem devices (unless you tell it to do so).
Are you sure you need to hybrid join, though? I would suggest you simply try to work with AAD joined devices, and only start looking into hybrid joining if you really need to.
Aug 10 2022 05:11 AM
@NielsScheffers The MGMT does not want to do Azure AD for some reason, as we have lots of apps and knowing how they would work needs a lot of planning on our part. So, for now they want it to be Hybrid AAD.
So, should I enable it in AD Connect even though I have an Intune Connector installed separately for this Hybrid Azure AD? If enabling it in AD Connect is what is going to do it, then why would we need the Intune Connector? Sorry, I'm kind of not sure why it is separate.
So, that is why I am doing this. I also noticed that in the Computer OU where the machines are going to be joined, I delegated the permissions as per this document
https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid
Unfortunately, when I went and viewed the security part of the object, I see that it has only special permissions and not Full permissions as per this document. I have assigned Full permissions as per the document for these two Intune Connectors. So, I am wondering whether I should enable full permissions here.
This is what I saw when I went to the permissions security on the OU and I see nothing applied. I have enabled full now and I am going to try it.
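As an added example (not from this thread or the linked document) of checking what a delegation actually granted rather than eyeballing the Security tab: this PowerShell lists the ACEs a given principal holds on the OU and flags entries that are broader than computer objects. The OU DN and the connector computer account name are placeholders.

```powershell
# Added example: enumerate the ACEs a principal holds on an OU and flag broad grants.
# Placeholders: replace the OU DN and the connector server's computer account.
Import-Module ActiveDirectory

$ouDn      = 'OU=AutopilotDevices,DC=contoso,DC=com'   # placeholder OU
$connector = 'INTUNECONNECTOR01$'                      # placeholder computer account (trailing $)

# Schema class GUID for 'computer'; object-specific ACEs carry it in ObjectType
$computerClassGuid = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# The ActiveDirectory module exposes the directory as the AD: PSDrive
$acl  = Get-Acl -Path ("AD:\" + $ouDn)
$aces = $acl.Access | Where-Object { $_.IdentityReference.Value -like "*\$connector" }

if (-not $aces) {
    Write-Warning "No ACEs found for $connector on $ouDn (delegation not applied here?)"
}

foreach ($ace in $aces) {
    if ($ace.ObjectType -eq $computerClassGuid) {
        $scope = 'computer objects'
    } elseif ($ace.ObjectType -eq [guid]::Empty) {
        $scope = 'all object types'
    } else {
        $scope = "object type $($ace.ObjectType)"
    }

    # GenericAll applied to all object types below the OU is broader than the
    # create/delete-computer delegation the Autopilot doc describes; flag it.
    $broad = ($ace.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll) -and
             ($ace.ObjectType -eq [guid]::Empty)

    [pscustomobject]@{
        Identity    = $ace.IdentityReference.Value
        Type        = $ace.AccessControlType
        Rights      = $ace.ActiveDirectoryRights
        AppliesTo   = $scope
        Inheritance = $ace.InheritanceType
        Inherited   = $ace.IsInherited
        BroadGrant  = [bool]$broad
    }
}
```

Run it on a domain-joined admin workstation with RSAT installed; a row with BroadGrant = True means the account can modify every object class under that OU, not just computers.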
Aug 10 2022 07:53 AM
No disrespect intended, but I think you should take a couple of steps back and reconsider your design options here. It kind of sounds like your management thinks hybrid-joining is a stop-over in a migration trajectory. That's not true: it's a solution for very specific use cases (and it can be a tricky thing to operate).
Anyway, addressing your first question: AADConnect and the Intune Connector are separate installs because they serve two distinctly different purposes. They don't even belong to the same solution.
Azure AD Connect is part of Azure AD. It is what enables you to create a relation between your on-prem AD and Azure AD. There's a lot of stuff involved here (like your authentication flow and such), so take your time and do it right.
It is also required for hybrid-join, as it lays the ground-work for all this hybrid identity stuff. So, this would be the first thing you need to set up.
The Intune Connector for AD is part of the Intune (MEM) solution. It makes sure Intune can coordinate the (offline) domain-join (to your on-prem AD) for your devices. You can only get this working after connecting your on-prem AD to Azure AD.
Before we go any further into this, start by setting up your hybrid AD. All the other things are irrelevant until you've got that up and running.
Aug 10 2022 08:27 AM