In this article, we will see how to sync on-premises domain-joined computers to Azure AD as Hybrid Azure AD joined devices.
Let's begin the configuration.
Click on Azure AD Connect to begin the configuration.
Select Configure device options and click on Next.
Read about Hybrid Azure AD Joined and Device Writeback and click on Next.
Note
In this article, we are not going to see Device Writeback.
Enter the Azure AD Global Administrator account credentials and click on Next.
Select Configure Hybrid Azure AD join and click on Next.
Enter the details to add the SCP (Service Connection Point) in the on-premises Active Directory. The SCP is required so that devices can discover the Azure AD tenant and complete the Hybrid domain join in the background without user intervention.
Enter the Active Directory Enterprise administrator account credentials.
You can create the SCP as part of this configuration, or download the script and create it at a later stage.
Select the device types for which you need to enable Hybrid Azure AD join.
Click on Configure to begin the configuration.
This completes the Azure AD Connect side of the setup, but it is not enough on its own; a few additional steps are needed to make the device sync work.
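Because every domain-joined computer will trust whatever tenant the SCP names, it is worth auditing the SCP after this step rather than assuming the wizard created it correctly. The following PowerShell is an added example and is not code from the original article or from Azure AD Connect; it reads the SCP from the Configuration naming context (the well-known GUID container used for device registration) and compares its `azureADName` and `azureADId` keywords with values you expect. The tenant name and tenant ID below are constructed placeholders.

```powershell
# Added example: audit the Hybrid Azure AD join Service Connection Point (SCP).
# Run on a domain-joined machine with the ActiveDirectory PowerShell module.
# $ExpectedTenantName / $ExpectedTenantId are placeholders; replace with your tenant.
param(
    [string]$ExpectedTenantName = 'contoso.onmicrosoft.com',              # placeholder
    [string]$ExpectedTenantId   = '00000000-0000-0000-0000-000000000000'  # placeholder
)
Import-Module ActiveDirectory

# The SCP lives under a fixed GUID container in the Configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$scpDN = "CN=62a0ff2e-97b9-4088-9039-a2e9f2e04a1b,CN=Device Registration Configuration,CN=Services,$configNC"

$scp = Get-ADObject -Identity $scpDN -Properties keywords -ErrorAction SilentlyContinue
if (-not $scp) {
    Write-Warning "No SCP found at $scpDN. Devices cannot discover the tenant, so Hybrid join will not complete automatically."
    return
}

# The 'keywords' attribute holds strings of the form 'azureADName:<tenant>' and 'azureADId:<guid>'.
$found = @{}
foreach ($kw in $scp.keywords) {
    $name, $value = $kw -split ':', 2
    if ($name) { $found[$name] = $value }
}

$checks = [ordered]@{
    'SCP present'               = $true
    'azureADName matches'       = ($found['azureADName'] -eq $ExpectedTenantName)
    'azureADId matches'         = ($found['azureADId']   -eq $ExpectedTenantId)
}

foreach ($check in $checks.GetEnumerator()) {
    $state = if ($check.Value) { 'OK  ' } else { 'FAIL' }
    Write-Output ("[{0}] {1}" -f $state, $check.Key)
}

# Report what the SCP actually points at so a mismatch can be investigated.
Write-Output ("SCP tenant name: {0}" -f $found['azureADName'])
Write-Output ("SCP tenant id:   {0}" -f $found['azureADId'])
```

A `FAIL` on either keyword means domain-joined devices would register against a different tenant than the one you administer; check who has write access to the `Device Registration Configuration` container and correct the SCP before enabling the Group Policy in the post-configuration steps.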
Post configuration tasks for Hybrid Azure AD join
- Set Azure AD policy for Windows down-level devices
  - Log in to your account in the Azure portal.
  - Go to: Azure Active Directory > Devices > Device settings.
  - Set "Users may register their devices with Azure AD" to All and click on Save.
- Configure Group Policy to allow device registration
  - Create a Group Policy Object, or enable the settings below in the domain-based Group Policy.
  - Edit the GPO and go to: Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration
- Run Initialize-ADSyncDomainJoinedComputerSync
  - When prompted, enter the Azure AD directory sync account.
  - Initiate a full sync using the command below:
    Start-ADSyncSyncCycle -PolicyType Initial
After that, all applicable devices (based on their OS version) will start the Hybrid Azure AD join.
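To confirm that the Group Policy from the previous steps reached a client and that the device actually completed the Hybrid join, run a check on the device itself. The script below is an added example, not part of the original article; it parses `dsregcmd /status` into a hashtable and checks the join state and tenant ID, and it reads the Device Registration policy value from the registry. The registry path and value name are assumed to be where the "Device Registration" policy lands (`HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin`, `autoWorkplaceJoin`), and the tenant ID is a constructed placeholder.

```powershell
# Added example: verify Hybrid Azure AD join state on a domain-joined client.
# Run in an elevated PowerShell session on the client after Group Policy has applied.
# $ExpectedTenantId is a placeholder; replace it with your tenant ID.
param(
    [string]$ExpectedTenantId = '00000000-0000-0000-0000-000000000000'  # placeholder
)

function Get-DsregStatus {
    # dsregcmd /status prints indented "Key : Value" lines; collect them into a hashtable.
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.+?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

# Assumed registry location of the "Device Registration" Group Policy setting.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'
$autoJoin  = (Get-ItemProperty -Path $policyKey -Name autoWorkplaceJoin -ErrorAction SilentlyContinue).autoWorkplaceJoin

$s = Get-DsregStatus

$checks = [ordered]@{
    'Device Registration policy applied' = ($autoJoin -eq 1)
    'DomainJoined'                       = ($s['DomainJoined']  -eq 'YES')
    'AzureAdJoined'                      = ($s['AzureAdJoined'] -eq 'YES')
    'TenantId matches expected'          = ($s['TenantId']      -eq $ExpectedTenantId)
}

$allOk = $true
foreach ($check in $checks.GetEnumerator()) {
    $state = if ($check.Value) { 'OK  ' } else { 'FAIL'; $allOk = $false }
    Write-Output ("[{0}] {1}" -f $state, $check.Key)
}

if (-not $allOk) {
    # Surface the raw fields most useful when a join has not completed.
    Write-Output ("DeviceId:   {0}" -f $s['DeviceId'])
    Write-Output ("TenantName: {0}" -f $s['TenantName'])
    Write-Output ("TenantId:   {0}" -f $s['TenantId'])
}
```

If the policy check fails, force a `gpupdate /force` and confirm the GPO is linked to the OU containing the computer; if `AzureAdJoined` stays `NO` after the next Azure AD Connect sync cycle, the computer object has usually not been synced yet (the sync scope in Azure AD Connect must include the computer's OU) or the SCP does not point at the tenant you expect.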