从Azure AD注册到Azure AD HYBRID通过AAD Connect加入 [英] Change from Azure AD Registered to Azure AD HYBRID Joined via AAD Connect

问题描述

我们目前正在寻求使用AAD Hybrid连接。

We currently are looking to move to using AAD Hybrid join.

我们目前正在使用AAD Connect将我们的内部域与我们的AAD租户联合。

We currently are using AAD Connect to federate our on-premise domain with our AAD tenant.

我们想要改变它现在的状态使用AAD注册设备使用AAD混合连接。

We want to move from how it is now with AAD Registered devices to using AAD Hybrid join.

我的问题是：当我们通过更改AAD Connect中的配置启用Hybrid时，现有的AAD注册机器会发生什么？

My question is this: When we enable Hybrid by changing the config in AAD Connect, what happens to the existing machines that are AAD Registered?

我能找到的唯一信息来自本指南：

The only info I can find is from this guide:

https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan

"如果您的Windows 10加入域的设备已经  Azure
AD注册对于您的租户，我们强烈建议您在启用Hybrid Azure AD加入之前删除该状态。从Windows 10 1809版本开始，已进行以下更改以避免这种双重状态：

"If your Windows 10 domain joined devices are already Azure AD registered to your tenant, we highly recommend removing that state before enabling Hybrid Azure AD join. From Windows 10 1809 release, the following changes have been made to avoid this dual state:

• 
  

  
  设备为Hybrid Azure AD加入后，将自动删除任何现有Azure AD注册状态。

• Any existing Azure AD registered state would be automatically removed after the device is Hybrid Azure AD joined.

你可以防止你的域名被Azure的AD通过添加此注册表项注册加入设备 - HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin，" BlockAADWorkplaceJoin" = dword：00000001。

You can prevent your domain joined device from being Azure AD registered by adding this registry key - HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin, "BlockAADWorkplaceJoin"=dword:00000001 .

此更改现在适用于带有KB4489894的Windows 10 1803版本。

This change is now available for Windows 10 1803 release with KB4489894.

"

"

但这就是它所说的。对于Win10 1803以及它的自动化，但对于我们的一些低于该版本的机器，当我们打开Hybrid时会出现什么样的行为？它们会破坏吗？或者我们可以启用Hybrid然后返回并清理双重状态吗？如果我们的AD目前正在同步，我如何
"删除该状态？"

But thats all it says. For Win10 1803 and up its automatic, but for some of our machines that are below that build, what will the behavior be when we turn Hybrid on? Will they break or can we enable Hybrid then go back and clean up the dual state? How do I "remove that state" if our AD is currently being synced?

只需确保我在翻转开关之前完全理解其影响。

Just making sure i fully understand the impact before flipping the switch.

重申一下，这不是AAD Connect的全新设置。它是就地配置更改，启用AAD Hybrid连接。

Just to reiterate, this is not a fresh setup of AAD Connect. Its an in-place config change, enabling AAD Hybrid join.

谢谢！

推荐答案

Hello BigTotoro，

Hello BigTotoro,

对于低于1803的构建，您将在Azure AD门户中看到双重条目。因此您必须继续并手动清理它。 

For the builds that are lower than 1803, you will see dual entries in Azure AD portal. So you would have to go ahead and clean it up manually. 

您将看到一个条目，其中注册了设备的用户列为所有者。这是针对Azure AD注册的，因为这发生在用户上下文中。 

You will see one entry with the user who registered the device listed as the owner. This is for Azure AD registered as this happens under user context. 

启用Hybrid Azure AD加入后，您将看到另外一个没有任何所有者的条目。这适用于在系统上下文中发生的Hybrid Azure AD加入。

After you enable Hybrid Azure AD join, you will see one more entry without any owners. This is for Hybrid Azure AD join as it happens under system context.

您将拥有从Azure AD手动取消注册设备。这也将从门户中删除条目。但是建议也从Azure清除设备对象。您可以按照列出的步骤

此处用于从Azure AD中取消连接设备。

You will have to manually un-register the device from Azure AD. This will remove the entry from the portal as well. However it is recommended to clean the device objects from Azure as well. You can follow the steps listed here for unjoining a device from Azure AD.

这篇关于从Azure AD注册到Azure AD HYBRID通过AAD Connect加入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！