AD Hybrid Join via AAD



Let’s get started with configuring hybrid domain join using the Azure Active Directory (AAD) Connect tool. First, launch the Azure AD Connect tool. On the Welcome page, click Configure.

On the Tasks page, click Configure Device Options. Click Next.

Click Next on the Overview section.

In this step, enter the credentials to connect to Azure AD. Click Next.

Under Device options, you see the following options.

  • Configure Hybrid Azure AD join
  • Configure device writeback
  • Disable device writeback

Select Configure Hybrid Azure AD join and click Next.

On the Device Systems page, select the device operating systems used in your Active Directory environment. So here I will select Windows 10 or later domain-joined devices. Click Next.

The Service Connection Point (SCP) allows your domain devices to discover the Azure AD tenant info, so configuring this step correctly is important. On the SCP configuration page, under Authentication Service, select Azure Active Directory. Click the Edit button and specify Enterprise Admin credentials.



An alternate way to configure the SCP is to download the ConfigureSCP.ps1 PowerShell script. However, use this script when you don’t have Enterprise Admin credentials.

Click Next.

Finally, we are ready to configure Hybrid Azure AD join. Click Configure.

After a few seconds, you should see the Configuration Complete message, which confirms that the task to configure Hybrid Azure AD join completed successfully. Click Exit.

Check if Windows 10 Device is Azure AD Joined

In the above step, the Hybrid Azure AD join configuration was successful. Now it’s time to see whether your Windows 10 device is hybrid joined to Azure AD.

Use the command below to find out whether the device is Azure AD joined.

dsregcmd /status

After running the above command, under Device State, check the AzureADJoined value. Currently it shows NO.

The best part here is that Windows 10 devices are hybrid joined automatically. You have to wait for at least 5-30 minutes or more to see the result.

In my case, it took around 25 minutes to see the results. You may reboot the Windows 10 device if you don’t see any change in the device status.
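
The dsregcmd /status check described above can be scripted so the join state is read the same way on every device. This is an added example, not part of the original article; it goes slightly beyond the text by also reading DomainJoined, and the function name Get-DsregJoinState, the state labels and the sample output are assumptions constructed for illustration.

```powershell
# Added example: classify the join state from `dsregcmd /status` text.
function Get-DsregJoinState {
    param(
        # Lines of `dsregcmd /status`; when omitted, the command is run locally.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    $fields = @{}   # PowerShell hashtable literals compare keys case-insensitively
    foreach ($line in $StatusText) {
        # Fields look like "   AzureAdJoined : NO"; banner lines do not match.
        if ($line -match '^\s*([A-Za-z]\w*)\s*:\s*(.*\S)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'
    if     ($aad -and $domain) { $state = 'HybridJoined' }
    elseif ($domain)           { $state = 'DomainJoinedOnly' }  # registration not finished yet
    elseif ($aad)              { $state = 'AzureAdJoinedOnly' }
    else                       { $state = 'NotJoined' }

    [pscustomobject]@{
        State         = $state
        AzureAdJoined = $fields['AzureAdJoined']
        DomainJoined  = $fields['DomainJoined']
        TenantName    = $fields['TenantName']
        DeviceId      = $fields['DeviceId']
    }
}

# Constructed sample (not captured from a real device): domain joined,
# still waiting for the automatic hybrid join to complete.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

Get-DsregJoinState -StatusText $sample | Format-List
```

Calling Get-DsregJoinState with no arguments on a Windows 10 device reads the live output instead of the sample.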