Score:0

How to deploy Azure AD, join computers to domain?


I've no experience deploying domain services from Azure/Intune, just plenty of experience with an on-prem domain controller.

I have a client here who has an Azure tenant, O365 and a domain set up. I'm trying to deploy identity management/domain services and join 8 laptops to the domain.

The problem I'm having is I can't seem to figure out how this works. Everything I read states that I need to be signed into the computer with a Microsoft account; however, when I try to log in with one of the users I've created in Azure ([email protected]) it says that isn't a valid Microsoft account (which it's not; it's a user created in Azure).

I don't want the computers signed in with a Microsoft account, I'm trying to emulate the same behavior as an on-prem domain controller, where the users can sign into any of these laptops with their users created in Azure.

What am I missing here?

Off topic: Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault. - maybe hire someone competent? "I have no idea how to do something basic" and "trying to figure out" but not "reading documentation" is a little, you know, not best practices.
Score:2

The Azure AD service, aka Azure ADDS, which needs an Azure AD Premium P2 account, will need an Azure login type.

I suggest doing the OOBE correctly to have them inside your tenant; otherwise you need a local account with their Azure account attached to the login, which is a pain to maintain in the long run. It's probably that headache you hit when trying the login.

If you want a true AD-style login but have no physical server, then you need a VM in Azure with the AD role, with a site-to-site VPN to make the domain act like you want, but there is more cost behind that.

Thank you for the information. Yes, the accounts were never used to join the domain during OOBE; that sounds like the hangup I'm running into. There are currently local accounts. There's only a total of 10 PCs and I won't be managing these devices in the future, so I'm not worried about ease of management; they simply want to be able to authenticate/log in to the PCs using their Azure accounts. Thanks again, looks like I'll have to figure this out.
Score:1

Just as with traditional AD DS, you need to join the computer to Azure AD to be able to log in with an Azure AD user account.

https://petri.com/how-to-join-windows-10-to-azure-active-directory/
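
An added example, not part of the answer above: a way to check whether a laptop is actually joined before troubleshooting sign-in, by parsing the output of the built-in `dsregcmd /status` command. The function name `Get-JoinState` and the sample text are constructed for illustration.

```powershell
# Added example: classify a Windows device's join state from `dsregcmd /status`.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param(
        # Lines of `dsregcmd /status`; by default the command is run locally.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    # The report is a list of "Name : Value" lines; collect them into a table.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $fields['AzureAdJoined'] -eq 'YES'   # joined to the Azure AD tenant
    $ad  = $fields['DomainJoined']  -eq 'YES'   # joined to an AD DS domain

    $state = if ($aad -and $ad) {
        'Hybrid Azure AD joined'
    } elseif ($aad) {
        'Azure AD joined'
    } elseif ($ad) {
        'AD DS domain joined only'
    } else {
        'Not joined (local accounts only)'
    }

    [pscustomobject]@{
        State         = $state
        AzureAdJoined = $aad
        DomainJoined  = $ad
        TenantName    = $fields['TenantName']   # empty when not Azure AD joined
    }
}

# Constructed sample: a laptop set up with local accounts and never joined,
# which is the situation described in the question.
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
'@ -split "`r?`n"

Get-JoinState -StatusText $sample
```

Run `Get-JoinState` with no arguments on each laptop to read the live state; a device that reports `Not joined (local accounts only)` has no tenant to validate an Azure AD user against at the sign-in screen.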
