MGB Hybrid Join

Step 1 — Confirm current join state

Open PowerShell (as admin) and run:

 

dsregcmd /status

Check the following lines:

 

AzureAdJoined : YES
DomainJoined : NO

If that's what you see, the PC is cloud only — not domain joined yet.


🔓 Step 2 — Disconnect from Azure AD

Go to:

Settings → Accounts → Access work or school

  1. Find the connection labeled with your Azure tenant (e.g., mgb.mgbryan.com).

  2. Click it → Disconnect → confirm removal.

  3. Reboot the PC.

⚠️ Important: This will remove the Azure profile, so make sure you've backed up any local user data (Documents, Desktop, etc.) if it's tied to that account.


🖥️ Step 3 — Join to the on-prem domain

After the reboot:

  1. Open Control Panel → System → Advanced system settings → Computer Name → Change
    (or run sysdm.cpl from the Run window)

  2. Select Domain and enter:

     

    mgb.mgbryan.com

  3. Enter domain credentials that have rights to join computers.

  4. Restart the PC when prompted.

Now it'll create a local domain profile (mgb\tommy.stevenson).


☁️ Step 4 — Reconnect to Entra (Hybrid Join)

After logging in with the domain account:

  1. Run:

     

    dsregcmd /join

    or just wait for the Azure AD Connect sync (usually within 30–60 mins).

  2. Verify it worked:

     

    dsregcmd /status

    You should now see:

     

    DomainJoined : YES
    AzureAdJoined : YES
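
A PowerShell check for the state comparison done by eye in Steps 1 and 4, as an added example that is not part of the original runbook. The function name Get-JoinState and the state labels are assumptions, and the sample lines are constructed.

```powershell
# Added example: classify the join state from `dsregcmd /status` output.
# Get-JoinState and the State labels are hypothetical names, not part of dsregcmd.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status`; if omitted, the command is run on this PC.
        [string[]]$StatusText = (dsregcmd /status)
    )

    # Collect "Name : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Fail loudly rather than report a state from incomplete output.
    foreach ($name in 'AzureAdJoined', 'DomainJoined') {
        if (-not $fields.ContainsKey($name)) {
            throw "Field '$name' not found in dsregcmd output."
        }
    }

    $aad = $fields['AzureAdJoined'] -eq 'YES'
    $dom = $fields['DomainJoined'] -eq 'YES'

    if ($aad -and $dom) { $state = 'Hybrid joined (expected after Step 4)' }
    elseif ($aad)       { $state = 'Cloud only (starting point in Step 1)' }
    elseif ($dom)       { $state = 'Domain joined only (hybrid join not completed yet)' }
    else                { $state = 'Not joined (expected between Step 2 and Step 3)' }

    [pscustomobject]@{
        AzureAdJoined = $fields['AzureAdJoined']
        DomainJoined  = $fields['DomainJoined']
        State         = $state
    }
}

# Constructed sample matching the Step 1 output shown above.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : NO'
)
Get-JoinState -StatusText $sample   # State: Cloud only (starting point in Step 1)

# On the PC itself, run with no arguments after each step:
# Get-JoinState
```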


🧰 Step 5 — (Optional) Intune Auto-Enrollment

If Intune auto-enrollment is enabled, the device will appear in:

Entra Admin → Devices → All Devices → Join Type: Hybrid Azure AD joined
and in Intune within a few minutes.