Forum Discussion
Kesselringt
Oct 15, 2021, Copper Contributor
Logging in as a normal user to an AADDS joined VM
The scenario here is trying to use the AADDS as it is and not syncing anything from an on-premise location. With VMs joined to this AADDS, I want to be able to have normal users log in to take ca...
Jan Bakker
Nov 03, 2021, Iron Contributor
Just to be sure: are those VM's members of Azure AD or Azure Active Directory Domain Services?
Kesselringt
Nov 03, 2021, Copper Contributor
Whoops, my apologies for not giving a follow up to my own issue!
To answer your question they are joined to Azure Active Directory Domain Services.
The part that made this confusing is that I am not syncing an on-premise AD into this Azure Tenant, so I was completely relying on what Azure puts into place when you create this service.
I should have had this knowledge, but I don't work with Group Policies that often. Azure Support had to help me with this because I didn't think to Google this issue from a GPO standpoint and not from an AADDS one.
The key to fixing this was entering my group of users under the "Restricted Groups" in the GPO, and saying this group is a member of "Administrators" and "Remote Desktop Users."
This does make the users local admins on the machines they can log into, but for my purposes that is perfect. Here is where the "Restricted Groups" setting lives for others who might want to do this.
Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Restricted Groups
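A way to confirm on the VM itself what the Restricted Groups policy actually produced, added here as an example and not part of the poster's reply or of any Microsoft tooling: it lists the members of the two local groups named above, reports whether the intended AADDS group landed in each, and surfaces any other members that a "This group is a member of" entry leaves untouched (that Restricted Groups mode only adds the listed group; the alternative "Members of this group" mode replaces the group's entire membership, which is the one to use when you want to enforce an exact list). The domain and group name are placeholders for whatever group was entered in the GPO.

```powershell
# Added example (not the poster's script): audit local group membership after the
# Restricted Groups GPO has applied. Run in an elevated PowerShell on the AADDS-joined VM.
param(
    # Placeholder for the AADDS group entered under Restricted Groups, in DOMAIN\Group form.
    [string]$DomainGroup = 'AADDSCONTOSO\VM-RDP-Users',
    # The local groups the policy was told the domain group is a member of.
    [string[]]$LocalGroups = @('Administrators', 'Remote Desktop Users')
)

# Build one row per local group: is the intended domain group present, and who else is there?
$report = foreach ($g in $LocalGroups) {
    try {
        $members = @(Get-LocalGroupMember -Group $g -ErrorAction Stop)
    } catch {
        Write-Warning "Could not enumerate '$g': $($_.Exception.Message)"
        continue
    }
    [pscustomobject]@{
        LocalGroup     = $g
        ContainsTarget = [bool]($members | Where-Object { $_.Name -ieq $DomainGroup })
        # Anything listed here was not put there by the Restricted Groups entry above;
        # the "Administrators" row in particular is worth reviewing.
        OtherMembers   = ($members | Where-Object { $_.Name -ine $DomainGroup } |
                          ForEach-Object { "$($_.Name) [$($_.PrincipalSource)]" }) -join ', '
    }
}

$report | Format-Table -AutoSize

# Confirm the GPO carrying the Restricted Groups setting is among the applied computer policies.
gpresult /r /scope computer | Select-String 'Applied Group Policy Objects' -Context 0,5
```

If `ContainsTarget` is false for a group, run `gpupdate /force` and re-check before editing the policy; if the group is present in `Administrators` but the users only need interactive RDP access, removing the `Administrators` entry from the Restricted Groups setting and keeping only `Remote Desktop Users` gives them the login without local admin rights.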