Azure Hybrid Domain Device Configuration using AADConnect

In this article, we will see how to sync devices that are on-premises domain-joined computers to Azure AD as hybrid Azure AD joined computers.
For how to install AADConnect using the Express installation, please refer to the article

Let’s begin the configuration.
Open Azure AD Connect to begin the configuration.

Select Configure device options and click Next.

Read about what Hybrid Azure AD join and Device writeback are, then click Next.
Note: in this article, we are not going to cover Device writeback.

Enter the Azure AD Global Administrator account credentials and click Next.

Select Configure Hybrid Azure AD join and click Next.

Enter the details to add the SCP (service connection point) in the on-premises Active Directory. The SCP is required so that the hybrid domain join can happen automatically in the background without user intervention.

Enter the Active Directory Enterprise Administrator account credentials.

You can create the SCP by running the configuration now, or you can download the script and run it to create the SCP at a later stage.
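Whether the wizard creates the SCP now or you run the downloaded script later, it is worth confirming that the object actually landed in the Configuration partition and points at the right tenant, since devices read it to find out where to register. The following is an added example, not code from the article or from Azure AD Connect; it reads the SCP under the Device Registration Configuration container using the ActiveDirectory RSAT module. The tenant name and tenant ID are placeholders you replace with your own values.

```powershell
# Added example (not from the original article): verify the hybrid join SCP
# in the on-premises AD Configuration partition. Run on a domain-joined
# machine with the ActiveDirectory RSAT module installed.
Import-Module ActiveDirectory

# Placeholders: replace with your tenant's verified domain name and tenant ID.
$expectedTenantName = 'contoso.onmicrosoft.com'
$expectedTenantId   = '00000000-0000-0000-0000-000000000000'

function Get-HybridJoinScp {
    # The SCP lives under CN=Device Registration Configuration,CN=Services
    # in the Configuration naming context of the forest.
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $searchBase = "CN=Device Registration Configuration,CN=Services,$configNC"

    try {
        $scp = Get-ADObject -SearchBase $searchBase -SearchScope Subtree `
                            -Filter { objectClass -eq 'serviceConnectionPoint' } `
                            -Properties keywords
    } catch {
        # Container or object missing: the wizard/script has not created the SCP.
        return $null
    }
    return $scp
}

function Test-HybridJoinScp {
    param([string]$TenantName, [string]$TenantId)

    $scp = Get-HybridJoinScp
    if (-not $scp) {
        return [pscustomobject]@{ ScpPresent = $false; TenantMatches = $false; Keywords = @() }
    }

    # keywords is a multi-valued attribute of "name:value" strings,
    # e.g. azureADName:<tenant> and azureADId:<tenant id>.
    $kw = @{}
    foreach ($entry in $scp.keywords) {
        $name, $value = $entry -split ':', 2
        $kw[$name] = $value
    }

    $matches = ($kw['azureADName'] -eq $TenantName) -and ($kw['azureADId'] -eq $TenantId)
    [pscustomobject]@{
        ScpPresent     = $true
        DistinguishedName = $scp.DistinguishedName
        TenantMatches  = $matches
        Keywords       = @($scp.keywords)
    }
}

Test-HybridJoinScp -TenantName $expectedTenantName -TenantId $expectedTenantId
```

If ScpPresent is false, re-run the wizard step or the downloaded script; if TenantMatches is false, the SCP points at a different tenant and devices will register in the wrong directory, so fix the keywords before moving on to the post-configuration tasks.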

Select the device types for which you need to enable hybrid Azure AD join.


Click Configure to begin the configuration.

All the configuration needed to sync the devices is done, but that is not enough; we need to do a few more additional steps to make this work.

Post configuration tasks for Hybrid Azure AD join

1. Set Azure AD policy for Windows down-level devices
• Log in to your account in the Azure portal.
• Go to: Azure Active Directory > Devices > Device settings
• Set “Users may register their devices with Azure AD” to ALL and click Save.


2. Configure group policy to allow device registration
Create a Group Policy Object, or enable the below setting in the domain-based Group Policy.
Edit the GPO and go to: Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration

3. Initialize ADSyncDomainJoinedComputerSync

When prompted, enter the Azure AD directory sync account credentials.


Initiate full sync using the below command,
Start-ADSyncSyncCycle -PolicyType Initial
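Step 3 and the initial sync are run from the Azure AD Connect server. The following is an added example, not code from the article or from Microsoft; it scripts those two steps in an elevated PowerShell session and then waits for the sync cycle to finish so you can confirm it completed instead of assuming it did. The AdSyncPrep.psm1 path assumes the default install location, and the connector account name is a placeholder.

```powershell
# Added example (not from the original article): post-configuration step 3
# and the initial sync cycle, run on the Azure AD Connect server.

# AdSyncPrep.psm1 ships with Azure AD Connect; default install path assumed.
$adSyncPrep = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1'
if (-not (Test-Path -Path $adSyncPrep)) {
    throw "AdSyncPrep.psm1 not found at $adSyncPrep; adjust the path for your installation."
}
Import-Module -Name $adSyncPrep
Import-Module -Name ADSync

# Placeholder: the on-premises AD connector (directory sync) account that
# Azure AD Connect uses to read the forest, in DOMAIN\user form.
$adConnectorAccount = 'CONTOSO\MSOL_PLACEHOLDER'

# The cmdlet prompts for Azure AD credentials; collect them once here.
$aadCred = Get-Credential -Message 'Azure AD credentials for Initialize-ADSyncDomainJoinedComputerSync'

# Step 3: prepare AD so domain-joined computers are picked up for hybrid join.
Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount $adConnectorAccount -AzureADCredentials $aadCred

# Initial (full) sync cycle, as in the article.
Start-ADSyncSyncCycle -PolicyType Initial

function Wait-ADSyncCycle {
    param([int]$PollSeconds = 15, [int]$TimeoutMinutes = 60)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds $PollSeconds
        $scheduler = Get-ADSyncScheduler
        if ((Get-Date) -gt $deadline) {
            throw "Sync cycle still in progress after $TimeoutMinutes minutes."
        }
    } while ($scheduler.SyncCycleInProgress)
    # Return the scheduler state so the caller can see when the next
    # scheduled (delta) cycle will run.
    $scheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
}

Wait-ADSyncCycle
```

After the cycle completes, the computer objects appear in Azure AD as devices and the clients can start their own registration the next time the scheduled task runs.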

After that, all the applicable devices (based on their OS version) will start the hybrid Azure AD join.
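To confirm that a client actually completed the join rather than waiting for it to show up in the portal, check it from the device itself. The following is an added example, not code from the article; it runs on a domain-joined Windows client after a gpupdate and a reboot. It checks the registry policy value that the Device Registration group policy writes (assumed here to be autoWorkplaceJoin under the WorkplaceJoin policy key) and parses the output of dsregcmd /status for the join state.

```powershell
# Added example (not from the original article): verify hybrid join state
# on a domain-joined Windows client.

function Test-HybridJoinState {
    # Policy value written by the Device Registration GPO
    # (Computer Configuration > Policies > Administrative Templates >
    # Windows Components > Device Registration). Key/value name assumed.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $gpoEnabled = [bool]($policy -and $policy.autoWorkplaceJoin -eq 1)

    # dsregcmd /status prints "Key : Value" lines grouped in sections; pull
    # every key/value pair into a hashtable. Non-matching separator lines are skipped.
    $status = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\S.*?)\s*:\s*(.+?)\s*$') {
            $status[$matches[1]] = $matches[2]
        }
    }

    $domainJoined  = $status['DomainJoined']  -eq 'YES'
    $azureAdJoined = $status['AzureAdJoined'] -eq 'YES'

    [pscustomobject]@{
        GpoDeviceRegistration = $gpoEnabled
        DomainJoined          = $domainJoined
        AzureAdJoined         = $azureAdJoined
        TenantName            = $status['TenantName']
        DeviceId              = $status['DeviceId']
        HybridAzureAdJoined   = ($domainJoined -and $azureAdJoined)
    }
}

Test-HybridJoinState
```

HybridAzureAdJoined is true only when both DomainJoined and AzureAdJoined report YES. If GpoDeviceRegistration is false the policy has not reached the machine yet (check gpresult), and if the policy is present but AzureAdJoined stays NO, the usual suspects are the SCP from the earlier step, the device-registration setting in the portal, or outbound access to the device registration endpoints.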
