Windows 10: Hybrid AD join using ON PREM ADFS settings

Discuss and support Hybrid AD join using ON PREM ADFS settings in Windows 10 Customization to solve the problem. Discussion in 'Windows 10 Customization' started by Frank van den Bogaard, May 31, 2021.

  1. Hybrid AD join using ON PREM ADFS settings


    Hey guys, we are currently testing with Hybrid AD joined devices. The joining works correctly and the systems get the AD hybrid joined status. However, the hybrid joined systems ignore the settings that are in our on-prem ADFS server. We have a rule that, for the intranet zone based on IP, the user doesn't have to use SSO. Machines that are just local domain joined work fine, but the hybrid ones seem to ignore the on-prem ADFS server. We are using a third party Relying Trust named surfconext.nl. Is there logging I can check somewhere?

    Frank van den Bogaard, May 31, 2021
    #1
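    A starting point for the logging question above, as an added example that is not part of the thread and not code from any of the posters: a PowerShell script that reads the device's join state from `dsregcmd /status` and then pulls the last 24 hours from the two built-in event channels a Windows admin would check first for device registration and cloud authentication. It assumes an elevated PowerShell session on the Windows 10 device, that `dsregcmd.exe` is present (it ships with Windows 10), and that the `Microsoft-Windows-User Device Registration/Admin` and `Microsoft-Windows-AAD/Operational` channels are enabled (both exist by default). The function and parameter names are the example's own.

```powershell
# Added example (not from the thread): summarise a device's hybrid join state
# and collect the registration/authentication event logs an admin reads first.
# Assumptions: elevated session, dsregcmd.exe available, default log channels.

function Get-HybridJoinState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
    # Section headers and separator lines do not match and are skipped.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-HybridJoin {
    param([hashtable]$State)
    # Hybrid join means the device is both on-prem domain joined and Azure AD joined.
    $hybrid = ($State['DomainJoined'] -eq 'YES') -and ($State['AzureAdJoined'] -eq 'YES')
    [pscustomobject]@{
        HybridJoined = $hybrid
        TenantName   = $State['TenantName']
        # AzureAdPrt reports whether the signed-in user holds a Primary Refresh
        # Token, the credential cloud SSO relies on once the device is joined.
        HasPrt       = ($State['AzureAdPrt'] -eq 'YES')
    }
}

function Get-JoinAndAuthEvents {
    param([int]$Hours = 24)   # look-back window; default is one day
    $since = (Get-Date).AddHours(-$Hours)
    $logs = @(
        'Microsoft-Windows-User Device Registration/Admin',   # join / registration
        'Microsoft-Windows-AAD/Operational'                   # cloud authentication
    )
    foreach ($log in $logs) {
        # SilentlyContinue suppresses the "No events were found" error on a quiet channel.
        Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id, LevelDisplayName,
                @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }   # first line only
    }
}

$state = Get-HybridJoinState
Test-HybridJoin -State $state | Format-List
Get-JoinAndAuthEvents -Hours 24 | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

    If `HybridJoined` is true but `HasPrt` is false, the device registered but the user never obtained a cloud token, which is where the AAD/Operational channel becomes the place to look; if both are true, the device is authenticating to the cloud with its PRT rather than walking through the on-prem ADFS intranet rule, and the Relying Party configuration on the ADFS side is the next thing to compare.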
  2. Dino-M Win User

    Disconnecting on prem AD and then joining Azure AD creates new Windows profile?

    Hello everyone,

    I have a question about joining computers in my firm from on-prem AD to Azure AD. When someone new arrives at our firm (new employee), there is a fresh installation of Windows 10. It is easy to join Azure AD because it is a fresh start, but now we have to migrate all Windows 10 users that are on-prem AD to Azure AD. When I disconnect those users from our local on-prem AD and join them to Azure AD, a whole new Windows 10 profile is created, without any of the settings, data or anything else on that profile (a clean profile with a few applications that are installed computer-wide). So my question is, is there any solution to keep their profile settings from before they joined Azure AD? Or will I have to simply tell them to back up everything (essential data)?

    What I tried so far:

    • Tried tools for migration like ForensiT (User Profile Wizard, User Profile Manager and Transwiz, just to see if it is going to work) - not successful
    • Tried changing the profile path from the registry - not successful
    • Tried logging in with the old credentials, example: CONTOSO\user (because after I joined that computer to Azure AD the user should log in as *** Email address is removed for privacy ***) - not successful

    Is there anything else I can try? Thanks for your answers.
     
    Dino-M, May 31, 2021
    #2
  3. WojtekSzk Win User
    Azure AD Banned Password List without On-Prem Agent

    Hi All,

    I am considering enabling the banned password list for our Azure AD in our hybrid environment and want to ask how doing so will affect our environment if we do not install the on-prem DC agent, as our on-prem does not meet the minimum requirements.

    Which password resets and changes will be validated through banned password list and which will not?

    Will 'noncompliant' passwords synced from on-prem to Azure AD cause issues?

    TIA,

    W
     
    WojtekSzk, May 31, 2021
    #3
  4. Hybrid AD join using ON PREM ADFS settings

    To join a box to on premise or azure ad?

    Right now I am working for a small shop, about 50 folks, and like most shops half of them are remote at any given time, plus a few permanent remote folks... Most of the services that people use are cloud based through other vendors, tied back to SAML/ADFS for SSO... One of the services is 365, which gives us Azure AD and also a foot in the door with EMS, AD Prem, Rights Management, etc...

    As one of the first things I did at this gig, I stood up a few servers for ADFS (inside and proxy) plus Azure Connect... then I did all the AD building and joining of endpoints. But 365 is not federated yet.

    Beginning in Windows 10 1511 we can start joining our boxes to Azure AD... but it seems like options are limited: endpoints are managed via Intune vice GPOs, not to mention LAPS isn't out there for Azure joins, let alone BitLocker management.

    So I guess it's a trade-off... would love to hear some stories and other folks' thoughts... I had a hare-brained idea of ditching the ADFS boxes (since I basically rent them) and getting EMS... but I am having a hard time getting data and testing.
     
    RussellMeyer8516, May 31, 2021
    #4