Forum Discussion
Requirement to have an on-prem AD
- Mar 25, 2019
HandA
On-prem AD is not required.
AD requirements:
Option 1: Domain controller that is synchronized with Azure Active Directory. The domain controller can be on-prem or in cloud. To synchronize with Azure Active Directory install Azure Active Directory Connect.
Option 2: Azure AD Domain Services domain in Azure (automatically synced with Azure Active Directory)
"The Windows Virtual Desktop service specifically requires that the machine is joined to an Active Directory Domain."
That means an on-premise Active Directory instance? Or can that be Azure Active Directory Domain Services?
I guess I'll just have to try it out.
Ron Howe I got it to work with only Azure AD and Azure AD DS together.
I started with an Azure AD and added/verified a custom domain.
I created an admin in this custom domain.
I then added Azure AD DS referring to the custom domain.
I changed the password of my domain admin to allow it to sync with Azure AD DS.
I verified that I could join a workgroup Windows Server to Azure AD DS with my admin.
Adding the host pool to the domain and adding users to the domain worked fine.
Testing to connect with assigned users worked OK.
No need for any on premise domain in my case.
- LA99-999_ Oct 23, 2019 Copper Contributor
I am currently syncing users and groups with password hash sync (from on-prem AD to cloud).
To deploy WVD, do I also have to enable single sign-on and pass-through authentication and have Domain Services running in Azure?
- praveenanil May 22, 2019 Copper Contributor
I think you are getting this error because the User which you provided as tenant Admin while deploying the host pool is not yet added to Windows Virtual Desktop Application as a tenant creator.
You can check if the user is already added from here:
Go to Active Directory -> Enterprise Applications -> Windows Virtual Desktop -> Users and groups
- Mat Cox May 10, 2019 Copper Contributor
This worked for me - after adding a custom domain and changing the admin user from the onmicrosoft.com address.
M.
- Christian_Montoya Apr 10, 2019
Microsoft
Stavros Mitchell: It should not matter which OS you're basing it off of. With the error you're hitting, make sure that you can install the PowerShell locally and connect with the same username or service principal. If it's a user and requires MFA, then deploying the Azure Marketplace offering will fail because MFA cannot happen in the background.
- Stavros Mitchell Apr 10, 2019 Copper Contributor
Thanks for your quick reply. The only thing I am doing differently is that I was using Windows 10 Enterprise multi-session, whereas you are using Server 2016 Datacenter. I wonder if that could be causing the issue.
- Johan_Eriksson Apr 10, 2019 Brass Contributor
Hi Stavros,
I do not think I did anything special. I simply followed the steps to add AADDS in a very detailed fashion. (I assume you also have done that and verified that you can join a computer to the domain)
FYI: I am using 2016 datacenter as the base for my session host image.
I then followed the detailed steps in https://docs.microsoft.com/en-us/azure/virtual-desktop/ Tutorial.
(Go back and re-read and make sure you have not missed any steps.)
FYI: I used the following options
- Shared desktop
- 2 VM
- Pretty much default all the way.
I have tested many times and never had any problems even when moving to ARM Template use.
Again - very hard to speculate on what problem you may be hitting, but maybe it is not related to AADDS use.
Hope this can help in some small way.
Cheers,
Johan
- Stavros Mitchell Apr 10, 2019 Copper Contributor
Hi, I am just curious how you got it to work with AAD DS. My deployment keeps on failing on /dscextension with the error:
" PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: User is not authorized to query the management service."
Everywhere I have been searching says it's not possible with AADDS.
Thanks for the help.