Azure AD (Entra ID) join specification
Denis CARDON
dcardon at tranquil.it
Mon Jan 29 09:37:17 UTC 2024
Hi David,
On 26/01/2024 at 17:42, David Mulder via samba-technical wrote:
> I've made some minor changes to the join document for Azure AD.
> Specifically, there was a major mistake in the TransportKey definition.
> If you're working on a join implementation, make sure you pay close
> attention to the changes. Azure accepts just about any blob in the
> TransportKey field, and doesn't perform any validation on it. This only
> becomes obvious when future responses from Azure are garbled nonsense.
I guess you are trying to look for a pure Entra ID join, but if it is
for a hybrid join, my colleague Simon at Tranquil IT did implement it in
our pure Python AzureAD Connect implementation [1].
We don't use hybrid join much (our clients use WAPT [3], not Intune for
device management), so it may not be complete, but it did work when we
tried it for a basic use case.
Be sure to use the python-wcfbin from AndreasLrx; there is a bug in the
upstream XML binary library to communicate with Azure.
Cheers,
Denis
[1] https://github.com/sfonteneau/AzureADConnect_Samba4/
[2] https://github.com/sfonteneau/AzureADConnect_Samba4/blob/main/libsync.py#L233
[3] https://www.wapt.fr/en/doc/index.html