Forum Discussion
Red Flag, Aug 05, 2020, Iron Contributor
Hybrid AAD Join with non-routable UPNs on onpremise AD
Does Hybrid AAD Join support non-routable UPNs on local AD? The issue: all requirements for Hybrid AAD Join are met except for routable UPNs on on-prem AD (no SF). Effect: device state is changing to ...
Moe_Kinani, Bronze Contributor
As mentioned, this piece is not going to work because the domain is not routable. The primary UPN / ProxyAddress attribute needs to match the verified domain so Intune can validate the request.
If xyz.com is the verified domain -> the synced user needs to be user@xyz.com as the primary UPN, NOT an alias.
Moe
Th ms Vrhydn, Aug 06, 2020, Copper Contributor
Moe_Kinani, I can confirm that the only solution is to change all the on-prem AD UPNs to a routable domain.
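An added example, not from this thread and not Microsoft's own tooling, of how an admin would carry out the UPN change Th ms Vrhydn describes while checking the condition Moe_Kinani states (primary UPN, and ideally the primary SMTP proxy address, on the verified domain). The domain names, the OU path and the `$DryRun` switch are assumptions; the cmdlets are the standard ActiveDirectory module ones.

```powershell
# Added example, not from the thread. Audits on-prem AD users whose UPN suffix is a
# non-routable domain and rewrites it to the verified Azure AD domain, keeping the
# part before the '@'. Run with $DryRun = $true first; every name below is an assumption.
Import-Module ActiveDirectory

$VerifiedDomain = 'xyz.com'                           # assumption: domain verified in Azure AD
$OldSuffix      = 'corp.local'                        # assumption: current non-routable suffix
$SearchBase     = 'OU=Synced Users,DC=corp,DC=local'  # assumption: scope of synced users
$DryRun         = $true                               # set to $false to apply the change

# 1. The routable suffix must be registered on the forest before it can be assigned.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $VerifiedDomain) {
    Write-Host "Adding UPN suffix $VerifiedDomain to forest $($forest.Name)"
    if (-not $DryRun) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $VerifiedDomain }
    }
}

# 2. Find users still carrying the non-routable suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -SearchBase $SearchBase `
                    -Properties UserPrincipalName, proxyAddresses

# 3. Preview (or apply) the change, one user at a time.
$report = foreach ($u in $users) {
    $prefix = $u.UserPrincipalName.Split('@')[0]
    $newUpn = "$prefix@$VerifiedDomain"

    # Refuse to create a duplicate UPN; another account may already own the new value.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'"
    if ($clash -and $clash.DistinguishedName -ne $u.DistinguishedName) {
        [pscustomobject]@{ User = $u.SamAccountName; OldUpn = $u.UserPrincipalName
                           NewUpn = $newUpn; Status = 'SKIPPED: UPN already in use'; Note = '' }
        continue
    }

    # The primary SMTP address (upper-case 'SMTP:' prefix) should match the new UPN;
    # report a mismatch rather than silently changing mail attributes.
    $primarySmtp = ($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } |
                    Select-Object -First 1) -replace '^SMTP:', ''
    $mailNote = if ($primarySmtp -and $primarySmtp -ne $newUpn) { "primary SMTP is $primarySmtp" } else { '' }

    if (-not $DryRun) {
        Set-ADUser -Identity $u -UserPrincipalName $newUpn
    }
    [pscustomobject]@{ User = $u.SamAccountName; OldUpn = $u.UserPrincipalName
                       NewUpn = $newUpn; Status = $(if ($DryRun) { 'WOULD CHANGE' } else { 'CHANGED' })
                       Note = $mailNote }
}

$report | Format-Table -AutoSize
```

After applying the change, the new UPNs only reach Azure AD on the next Azure AD Connect sync cycle, and users sign in with the new UPN from then on; `dsregcmd /status` on a client shows whether the device's hybrid-join state has followed.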
- Red Flag, Aug 06, 2020, Iron Contributor
Thanks, Th ms Vrhydn, when two guys are saying the same it must be the truth!
- Rodrigo30Horas, Sep 24, 2020, Copper Contributor
Red Flag
I know it is too late for your query (approx. 3 months late), but for future researchers:
It is possible to achieve Hybrid Join with a non-routable UPN, as long as you can deploy ADFS as your authentication method.
Source (look at the table on the end of this link): https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan
Regards,
Rodrigo Dias
- Red Flag, Sep 24, 2020, Iron Contributor
Hi Rodrigo30Horas, thanks, you're right. However, ADFS in my case is not an option. We try to simplify and modernize rather than go the opposite way, which ADFS would actually mean. Thanks for highlighting this method.