On-Prem AD configuration

Ensure the following services are configured and running on the on-prem AD:

  • Time settings
  • AD server
  • Cert server
  • DNS
  1. On the Active Directory server, open Active Directory Users and Computers and add users as required.
  2. On the Active Directory server, open Active Directory Users and Computers and create a group whose name matches the Autopilot Deployment Profile. Under the new group, create another group named Computers. When Azure AD pushes the details to on-prem AD, the system details appear under the Computers group. Right-click the profile and select Delegate Control.
  3. In the wizard, click Next. On the Delegation of Control screen, click Add.
  4. Add the Computers object type.
  5. Click Check Names, select the AD server name and click OK. The selected server is listed under Selected users and groups.
  6. Select Create a custom task to delegate and click Next.
  7. To ensure that the server/connector can only create and delete computer objects, select Only the following objects in the folder, select the following options as shown in the figure, and click Next:
    • Computer objects
    • Create selected objects in this folder
    • Delete selected objects in this folder
  8. Select the permissions you wish to delegate: choose General, Property-specific and Creation/deletion of specific child objects. Select Full Control and click Next.
  9. Click Finish to close the wizard. The server machine now has all the permissions it needs to perform domain joins.
  10. From the Windows Start menu, open Group Policy Management. Right-click the domain and create a new Organizational Unit. Right-click the OU and create a Group Policy Object (GPO). Right-click the GPO and select Edit to open the Group Policy Management Editor.
  11. In the Group Policy Management Editor, go to Policies -> Administrative Templates: Policy definitions -> Windows Components -> MDM and set Enable automatic MDM enrollment to Enabled.
  12. Install and configure Azure AD Connect on the on-prem AD. For the procedure, see https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom.
  13. Install and configure the Certificate Connector for Microsoft Intune. For the procedure, see Install the Certificate Connector for Microsoft Intune - Azure.
  14. Install and configure the Intune Connector for Active Directory. For the procedure, see https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-hybrid.
    1. Download the Intune Connector from Intune or directly from http://download.microsoft.com/download/C/6/D/C6DAA9FD-7DCA-4577-9016-AE72A8150149/ODJConnectorBootstrapper.exe.
    2. Run the installer and install the Intune Connector using the wizard.
    3. In the Intune Connector wizard, during enrollment, sign in to the Intune Connector using Global Administrator or Intune Administrator credentials.
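The delegation that steps 2 to 9 perform through the wizard can also be applied and, more importantly, audited from PowerShell. The following is an added example, not part of the original guide or of any Microsoft tool: it grants the connector server's computer account the right to create and delete Computer objects in the target OU plus Full Control over the Computer objects it creates, then lists exactly which ACEs that account holds so you can confirm nothing broader was delegated. The OU distinguished name and the connector server name are placeholders you must replace.

```powershell
# Added example: delegate and verify the Intune Connector rights from steps 2-9.
# Assumptions (placeholders): the OU that holds the Autopilot computer objects and
# the name of the server running the Intune Connector for Active Directory.
Import-Module ActiveDirectory

$OuDn          = "OU=Autopilot,DC=corp,DC=example"   # assumption: target OU
$ConnectorName = "ODJ-CONNECTOR01"                    # assumption: connector server

# Schema GUID of the Computer object class (well-known AD schema value).
$ComputerClassGuid = [Guid]"bf967a86-0de6-11d0-a285-00aa003049e2"

$Connector = Get-ADComputer -Identity $ConnectorName
$Sid = [System.Security.Principal.SecurityIdentifier]$Connector.SID
$Acl = Get-Acl -Path "AD:\$OuDn"

# ACE 1: create and delete Computer objects in this OU and its sub-containers
# (the "Create/Delete selected objects in this folder" options in step 7).
$CreateDelete = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $Sid,
    [System.DirectoryServices.ActiveDirectoryRights]"CreateChild, DeleteChild",
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerClassGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

# ACE 2: Full Control, but only over descendant Computer objects
# (the "Full Control" selected in step 8, scoped to Computer objects).
$FullOnComputers = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $Sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $ComputerClassGuid)

$Acl.AddAccessRule($CreateDelete)
$Acl.AddAccessRule($FullOnComputers)
Set-Acl -Path "AD:\$OuDn" -AclObject $Acl

# Verification: show every ACE on the OU held by the connector account.
# Expect only the two rules above; anything else means the delegation is wider
# than the domain-join task requires and should be reviewed.
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference -like "*\$ConnectorName`$" } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType,
                 ObjectType, InheritedObjectType, InheritanceType -AutoSize
```

Run the verification part on its own after completing the wizard to confirm the GUI delegation matches what the connector actually needs, since Delegate Control does not display the resulting ACEs.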