SOLVED

Why no OUs in Azure AD


I'm starting to look at Intune for managing our desktops. I have created a dynamic group and pointed that at a particular OU but I've realised it never gets any members as there are no OUs in Azure AD. In fact, the only devices I see in Azure are those for which we have installed the Intune client even though AD Connect says it has synchronised all of my OUs. What am I missing?

5 Replies
You are correct - AAD does not have OUs, but the AAD Connect sync tool can sync across users from OUs.
AAD is flat from an organisational perspective, as opposed to AD - which dates back over 15 years now. Times have changed and groups are king.
You can use features like dynamic group membership to assign licenses and access to things, as well as groups that you would use in Intune.
I don't have a specific answer for you, but it does require you to change your thinking.
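Since Azure AD has no OU attribute to match on, a dynamic device group has to be built from attributes of the device object itself. Added example (not code from anyone in this thread), assuming the Microsoft.Graph PowerShell SDK and a session with Group.ReadWrite.All; the group name, mail nickname and the "DESK-" naming prefix are assumptions:

```powershell
# Connect first, e.g.: Connect-MgGraph -Scopes "Group.ReadWrite.All","Device.Read.All"
# The rule keys on device attributes (OS, ownership, name prefix); the on-premises OU a
# device was synced from is not an attribute and cannot appear in a rule.
$rule = '(device.deviceOSType -eq "Windows") and (device.deviceOwnership -eq "Company") and (device.displayName -startsWith "DESK-")'

$params = @{
    DisplayName                   = "Intune - company Windows desktops"   # assumed name
    MailNickname                  = "intune-company-win-desktops"         # assumed
    MailEnabled                   = $false
    SecurityEnabled               = $true
    GroupTypes                    = @("DynamicMembership")
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"
}
$group = New-MgGroup @params

# Membership is only ever evaluated for devices that exist as objects in Azure AD
# (Azure AD joined, hybrid joined or registered), so after the rule has been processed
# check what actually landed and how each device is joined (TrustType).
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { Get-MgDevice -DeviceId $_.Id } |
    Select-Object DisplayName, OperatingSystem, TrustType
```

Devices that exist only in on-premises AD and have not been hybrid joined will not show up here regardless of the rule, which matches the symptom described in the question.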

Hi Loryan,

Yes, we already heavily use groups for users. I'm using group based licencing in Azure for our 365 synced accounts which has been a godsend. I've been researching using Intune for devices and even the Office docs suggest creating dynamic machine groups and deploy rings for management/updating of Win 10 devices. Maybe it's not suitable for desktops and is only applicable to a BYOD situation. More thinking/research to do...

Azure AD offers AU (Administrative Unit). It's somewhat equivalent to the on-premise OU functionality. You can read more about it in the link below.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-administrative-units-manage...

best response confirmed by Alan Birch (Copper Contributor)
Solution

Sadly, administrative units are good for nothing. They have so many limitations, they're practically just a "proof of concept". You will not be able to use them in Intune, or anything else for that matter.

And in general, if you want a "traditional" desktop management, based on OUs/GPOs and so on, Azure AD and Intune are NOT the solution for it. AD DS might get closer, but personally I'd stick with good old proven methods...

Check whether the recently announced Role Based Access Control feature in Intune matches your requirement.
