In this post, we’ll see how we can configure Hybrid Azure AD join for Windows 10 devices.

When Hybrid Azure AD Join configuration is completed all eligible devices will convert to Hybrid Azure AD Join devices.

As we’ll also see configuration of Controlled Validation, I’ll have just one Windows client device switched on.

Note: If you are looking for controlled deployment, kindly remove the Device Registration Configuration information immediately (discussed in next post).

Existing setup done:

  1. Two Local users created
  2. Azure AD Connect configured
  3. Seamless Single Sign-On (IE) configured
  4. Seamless Single Sign-On (Firefox) configured

Existing setup:

  1. SkyDC: Machine with ADDS, DNS, DHCP role
  2. SkyCON: Machine where we will install Azure AD Connect
  3. SkyCM: Machine with Configuration Manager Current Branch
  4. SkyTEN1: Domain Joined Windows 10 machine
  5. SkyTEN2: Domain Joined Windows 10 machine
  6. SkyTEN3i: Domain Joined Windows 10 machine (to be Intune Managed)
  7. SkyTEN4i: Domain Joined Windows 10 machine (to be Intune Managed)

Configure Hybrid Azure AD Join

Run Azure AD Connect.

Click Configure.

Select Configure device options and click Next.

Click Next.

Enter Global Admin credentials and click Next.

Select Configure Hybrid Azure AD join and click Next.

Check Windows 10 or later domain-joined devices and click Next.

Select the forest and click Add.

Enter Enterprise Admin credentials and click OK.

In Authentication Service, select Azure Active Directory and click Next.

Click Configure.

Click Exit. You can also click on Learn more for further information.

Validation using PowerShell:

Install the Azure AD module by running the below cmdLet. You need to install the NuGet provider also.

Install-Module AzureAD

Connect to Azure AD by running below cmdlet:


Enter Global Admin user id and click Next.

Enter Global Admin user id’s password and click Sign in.

You can see your Azure AD information similar to above.

If you wish, you can initiate Azure AD Connect Sync by importing the ADSync.psd1 and executing Start-ADSyncCycle cmdlet.

Import-Module ‘C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1’

Start-ADSyncSyncCycle -PolicyType Initial

Execute below cmdlet to get Azure AD device information. You can see that one of the Windows 10 device is showing up.


Login to Azure AD portal, you can see the Windows 10 device showing up.

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.