Forum Discussion
Domain Join Error while deploying HostPool
WVD requires both Azure AD (AAD) and Windows Active Directory (AD). This means you will need to either deploy the Domain Controller role on a VM running in Azure, or use an existing DC on-prem. Since you already have a DC on-prem with AAD Connect, it would be ideal if you could connect your Azure VNET and your on-prem network together (S2S VPN, ExpressRoute); that way, VMs in Azure could join your Windows AD domain on-prem. If you had the network set up between them, you could also extend Windows AD into Azure by creating a VM in Azure and adding another DC to the domain, and that is the best recommendation.
Since you already have Windows AD and AAD Connect on-prem, you don't need AADDS. AADDS is great for those who don't have any DCs running anywhere and are not familiar with setting up Windows AD, because the VMs, the DC role and domain are deployed and managed for you as an Azure service.
Also, if you try setting up a new DC in Azure and create a new Windows AD domain and then try to sync to an existing AAD with AAD Connect, it is not supported. Different Windows AD forests must be synced through a single AAD Connect sync server.
If you just want to test WVD in a lab environment and have zero impact on your on-prem environment, I would create a new Azure AD domain, then create a VM in Azure to become a DC for a new Windows AD domain, then deploy AAD Connect and sync. From there, you should be able to manually domain join a VM to that Windows AD domain and if so, you should be able to proceed with WVD host pool creation.
-Jeff
I'm now going to create a VM in Azure and promote a DC as a new DC of my forest on-prem.
I believe this should allow me to join VM to the domain.
- GR_C1pD, May 21, 2020, Copper Contributor
Jeff_Bryant Thanks a lot for your help.
I have managed to make it work. Primary DNS is my new DC in Azure and secondary DNS is the DC on-prem.
Everything is working fine.
Again much much appreciated.
Have a good day.
- Jeff_Bryant, May 20, 2020, Former Employee
GR_C1pD Yes, you are on the right path for it to work! Don't forget to update the DNS server settings on the VNET once you promote the VM to a DC, if it will also contain the DNS role. If you are leaving DNS on-prem, then update VNET DNS to point to that DNS server on-prem. Any other VMs you deploy on the VNET will get the DNS server setting automatically; you don't want to hardcode that into the IP properties of the VM.
-Jeff
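
The VNET-level DNS change discussed in this thread, followed by a check that a VM can locate and reach a domain controller before attempting the domain join. This is an added example, not code posted by anyone in the thread; the resource group, VNET name, IP addresses and domain name are constructed placeholders, and the port list is an assumed minimal set for domain join.

```powershell
# Constructed placeholder values; replace with your own.
$ResourceGroup = 'rg-wvd-lab'
$VnetName      = 'vnet-wvd-lab'
$DnsServers    = @('10.0.0.4', '192.168.1.10')   # DC in Azure first, on-prem DC second
$DomainFqdn    = 'corp.example.com'

# --- Part 1: admin workstation with the Az.Network module (after Connect-AzAccount) ---
# Set the DNS servers on the VNET itself so every VM receives them via DHCP,
# instead of hardcoding them in each VM's IP properties.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VnetName
if (-not $vnet.DhcpOptions) {
    $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$vnet.DhcpOptions.DnsServers = $DnsServers
$vnet | Set-AzVirtualNetwork | Out-Null
# VMs that were already running keep their old DNS servers until they are
# restarted or renew their DHCP lease.

# --- Part 2: on a VM in that VNET, before the domain join ($DomainFqdn as above) ---
# Confirm the VM picked up the VNET DNS servers.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses

# Domain join depends on finding a DC through this SRV record. If the lookup
# fails, the VM is not using a DNS server that hosts the AD zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop

# Check that each advertised DC is reachable on DNS, Kerberos, LDAP and SMB.
foreach ($dc in ($srv | Where-Object NameTarget)) {
    foreach ($port in 53, 88, 389, 445) {
        $r = Test-NetConnection -ComputerName $dc.NameTarget -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $dc.NameTarget, $port, $r.TcpTestSucceeded
    }
}
```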