Domain Join Group Policy
Open the Group Policy Management Editor (GPMC), create a new Group Policy Object, and name it "Local Administrators Servers".
Domain join group policy. Now select the appropriate Group Policy Object in the list and then click Edit. All domain-joined devices running Windows 10 and Windows Server 2016 automatically register with Azure AD once all configuration steps are complete. Right-click on it and then click Properties. When you join a computer to the domain, it will by default go to the Computers container.
The enrollment into Intune is triggered by a group policy created in your local AD and happens without any user interaction. Method 1: assign rights to the user group using the Default Domain group policy. This will open the Group Policy Object Editor. Join a computer to the domain and specify the OU path with PowerShell.
Starting in Windows 10 version 1709, you can use a group policy to trigger auto-enrollment into MDM for Active Directory (AD) domain-joined devices. Right-click the Default Domain group policy and click Edit. To allow a user or group to add a computer to a domain, you can perform the steps below. If you prefer a controlled rollout rather than this automatic registration, you can use group policy to selectively enable or disable automatic registration.
This will open a new window in which we need to select the Group Policy tab. In the left-hand pane you can see a node with the domain name. So I went ahead and enabled Windows Hello for Business as well. Log in to the domain controller and launch the Group Policy Management Console.
If you enable this policy setting, a domain user can set up and sign in with a convenience PIN. This means you can. After restarting the client, I still was not able to log in with a PIN, and on top of that the PIN setting within Settings was now greyed out. It is best practice to move the computers from the default container to a different OU.
Thankfully, we can automate this with PowerShell when we join the computers to the domain.