Forum Discussion
David Schrag
Jun 01, 2021 (Iron Contributor)
Why is an AAD DC Administrator not a Domain Admin?
I couldn't figure out why I was unable to connect to my Win 10 session hosts using the credentials I used to join the session hosts to the domain during deployment. I see now that this account, w...
- Jun 02, 2021
If I recall correctly there should be a standard GPO in the AADDS domain that adds the AAD DC Admin group to the local admins of a session host. It's applied on the AADDC Computers OU, so perhaps you moved your VMs to another OU? Try applying that GPO there as well.
I believe it's called "AADDC Computers GPO" but I'm not sure!
David Schrag
Jun 02, 2021 (Iron Contributor)
Excellent catch! There is indeed a GPO called AADDC Computers GPO, applied to the AADDC Computers OU, that does just what you described. I have been putting my session hosts in a separate OU so I could apply WVD-specific policies to them. I linked the GPO to my WVD Host OU, ran gpupdate /force on a session host, and got in with my not-really-a-domain-admin account. 🙂 Thanks!
YannickJanssens1986
Jun 02, 2021 (Brass Contributor)
Glad you got it sorted out!