{"id":5629,"date":"2022-03-15T22:25:26","date_gmt":"2022-03-15T22:25:26","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=5629"},"modified":"2022-03-15T22:25:26","modified_gmt":"2022-03-15T22:25:26","slug":"hybrid-join-computer-to-azure-active-directory-intune-without-access-line-of-sight-to-domain-controller","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/hybrid-join-computer-to-azure-active-directory-intune-without-access-line-of-sight-to-domain-controller","title":{"rendered":"Hybrid Join computer to Azure Active Directory \\ Intune without access (line of sight) to domain controller"},"content":{"rendered":"

Machines usually need a GPO to join them to Intune<\/a> and Line of Sight access to the Domain Controller to join to Azure AD. You can actually build and deploy a Package\u00a0 to help with this for computers that don’t access the Domain but still need to by Hybrid Joined<\/p>

 <\/p>

reate a provisioning package, using Windows Configuration Designer (which you can download from the Microsoft Store app):<\/p>

\"\"
Windows Configuration Designer app<\/figcaption><\/figure><\/div>

Once that\u2019s downloaded, we\u2019ll create a new project:<\/p>

\"\"<\/figure><\/div>

The most important step will be going to\u00a0Account Management<\/strong>, selecting\u00a0Enroll in Azure AD<\/strong>, and getting a\u00a0Bulk Token<\/strong>:<\/p>

\"\"
Bulk Token<\/figcaption><\/figure>

Once you have a bulk token, select\u00a0Finish<\/strong>\u00a0and then click\u00a0Switch to advanced editor<\/strong>\u00a0in the bottom left. We need to switch to the advanced editor to remove any extra settings other than the bulk token.<\/p>

\"\"
Select Switch to advanced editor<\/figcaption><\/figure>

Here I\u2019ll delete the\u00a0DNSComputerName<\/strong>:<\/p>

\"\"<\/figure>

And then the\u00a0HideOobe\u00a0<\/strong>setting:<\/p>

\"\"<\/figure>

Once we only see\u00a0Authority\u00a0<\/strong>and\u00a0BPRT<\/strong>\u00a0under Azure, we\u2019re ready to\u00a0export the package:<\/strong><\/p>

\"\"
Export package<\/figcaption><\/figure>

Then we just need to copy the\u00a0RunTime Provisioning Package\u00a0<\/strong>(.ppkg) file in the exported directory to our device:<\/p>

\"\"
Exported directory for PPKGs<\/figcaption><\/figure>

Once the PPKG is on the device, double click it to kick off the process:<\/p>

\"\"
PPKG UAC Prompt<\/figcaption><\/figure><\/div>
\"\"
Apply PPKG<\/figcaption><\/figure><\/div>

Unfortunately PPKGs don\u2019t really report any progress, but you can check under\u00a0Settings > Accounts > Access work or school > Add or remove a provisioning package<\/strong>\u00a0to see if it applied:<\/p>

\"\"<\/figure><\/div>","protected":false},"excerpt":{"rendered":"

Machines usually need a GPO to join them to Intune and Line of Sight access to the Domain Controller to join to Azure AD. You can actually […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5629","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=5629"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5629\/revisions"}],"predecessor-version":[{"id":5630,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5629\/revisions\/5630"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=5629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=5629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=5629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}