memdocs
memdocs copied to clipboard
MicrosoftDocs
Define what access is required in "The computer must also have access to the internet and your Active Directory."
We defer to Network Requirements for Intune, on the Intune connector requirements, but that doesn't appear to cover the access requirements needed for Onprem AD here: "The computer must also have access to the internet and your Active Directory." --Please explicitly define what protocols/ports are required or link to existing Windows AD requirements and required services (e.g. https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements) if they cover what is required by the connector - thanks!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 3f93dd93-e003-36fc-02d6-07166537d914
- Version Independent ID: 1b860d13-bcf5-50da-89f9-ee12ece6edb2
- Content: Enrollment for hybrid Azure AD-joined devices - Windows Autopilot
- Content Source: memdocs/autopilot/windows-autopilot-hybrid.md
- Service: microsoft-intune
- Sub-service: enrollment
- Technology: ****
- GitHub Login: @ErikjeMS
- Microsoft Alias: erikje
@jerryabo Thank you for your feedback. We have added this to the Prerequisites section now
Have access to an Active Directory domain controller. The device must be connected to the organization's network so that it can:
- Resolve the DNS records for the AD domain and the AD domain controller.
- Communicate with the domain controller to authenticate the user.
Hope this helps!
Thanks Sri
This isn't enough. Communication needs to be defined specifically - meaning protocols and open ports, e.g. ldap tcp port 389, rpc, etc.
Get Outlook for iOShttps://aka.ms/o0ukef
From: Sriraman M S @.> Sent: Monday, May 30, 2022 09:42 To: MicrosoftDocs/memdocs @.> Cc: Jerry Abouelnasr @.>; Mention @.> Subject: Re: [MicrosoftDocs/memdocs] Define what access is required in "The computer must also have access to the internet and your Active Directory." (Issue #2776)
@jerryabohttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fjerryabo&data=05%7C01%7Cjerryabo%40microsoft.com%7C027cbf9773db4903e82108da424a90ae%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637895185271817541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YJNarMLe1tzwjiqyowztDqngmZUp4OlmWhVZwgO1EOw%3D&reserved=0 Thank you for your feedback. We have added this to the Prerequisites section now
Have access to an Active Directory domain controller. The device must be connected to the organization's network so that it can:
- Resolve the DNS records for the AD domain and the AD domain controller.
- Communicate with the domain controller to authenticate the user.
Hope this helps!
Thanks Sri
— Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fmemdocs%2Fissues%2F2776%23issuecomment-1141236013&data=05%7C01%7Cjerryabo%40microsoft.com%7C027cbf9773db4903e82108da424a90ae%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637895185271817541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RYR8IGeg%2BJBpd8nDiP1dvGkQA31MB0Cy7Tlm5AqsQGM%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAWOUSZYWAGTNPGBPWJOYUH3VMTHTZANCNFSM5V3UTQLQ&data=05%7C01%7Cjerryabo%40microsoft.com%7C027cbf9773db4903e82108da424a90ae%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637895185271817541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=H8GTk2snU%2F7Hsto8cpwmS8v1GDNtXMBOTAtil5Kz06M%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>
@jerryabo I will check with the author on the specific ports etc and provide an update.
Thanks Sri
Is there any further updates or ETA to update the docs to include the protocol level details?
Assigning request to myself to take care of documenting what ports are needed. Researching and will update once I have more information.
Linked the following articles:
https://learn.microsoft.com/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts https://learn.microsoft.com/azure/active-directory/hybrid/reference-connect-ports https://learn.microsoft.com/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
via https://github.com/MicrosoftDocs/memdocs-pr/pull/9130
These article should address any questions the customer may have regarding ports.
Thank you @frankroj . @yogkumgit These articles should address any questions the customer may have regarding ports.
https://learn.microsoft.com/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts https://learn.microsoft.com/azure/active-directory/hybrid/reference-connect-ports https://learn.microsoft.com/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
Still working internally on getting what specific AD ports are need by the connector to talk to AD.