Body
Step 1 — Confirm current join state
Open PowerShell (as admin) and run:
dsregcmd /status
Check the following lines:
AzureAdJoined : YES DomainJoined : NO
If that’s what you see, the PC is cloud only — not domain joined yet.
🔓 Step 2 — Disconnect from Azure AD
Go to:
Settings → Accounts → Access work or school
-
Find the connection labeled with your Azure tenant (e.g., mgb.mgbryan.com).
-
Click it → Disconnect → confirm removal.
-
Reboot the PC.
⚠️ Important: This will remove the Azure profile, so make sure you’ve backed up any local user data (Documents, Desktop, etc.) if it’s tied to that account.
🖥️ Step 3 — Join to the on-prem domain
After the reboot:
-
Open Control Panel → System → Advanced system settings → Computer Name → Change
(or run sysdm.cpl from Run window)
-
Select Domain and enter:
mgb.mgbryan.com
-
Enter domain credentials that have rights to join computers.
-
Restart the PC when prompted.
Now it’ll create a local domain profile (mgb\tommy.stevenson).
☁️ Step 4 — Reconnect to Entra (Hybrid Join)
After logging in with the domain account:
-
Run:
dsregcmd /join
or just wait for the Azure AD Connect sync (usually within 30–60 mins).
-
Verify it worked:
dsregcmd /status
You should now see:
DomainJoined : YES AzureAdJoined : YES
🧰 Step 5 — (Optional) Intune Auto-Enrollment
If Intune auto-enrollment is enabled, the device will appear in:
Entra Admin → Devices → All Devices → Join Type: Hybrid Azure AD joined
and in Intune within a few minutes.