Custom Template for WVD - "Add computer to AD Group" upon joining the domain


Hello All,

 

We have a tricky scenario with our WVD deployments wrt GPOs that are being applied to session hosts upon joining the domain and OU.

 

We deployed a DNS Server in Azure with Conditional forwarders for our ON-Prem Domain and a forwarder for Public DNS and configured this Azure hosted DNS IP on our WVD-VNet. This ensures that all domain requests and internet access is handled locally by this Az-hosted DNS server.

 

However, the GPO with DNS Settings updates the VNet inherited DNS IP to the On-Prem DNS server on WVD SessionHosts once they are joined to the domain in a specific OU. The On-prem DNS server doesn't resolve any WVD URLs due to security policies in place. This is blocking the WVD Agent from updating to version 1.0.2990.1500 (not sure why the previous version, 1.0.2800.2800, is first chosen and then upgraded to latest) and getting stuck as On-prem DNS / FW doesn't allow any internet traffic.

Now we got further info from our AD team. A scheduled script is executed that adds the computers added to our WVD-OU to a unique WVD-Computer group on which DNS-GPO is disabled/not applied.

 

The issue here is, once the machine is added to the domain OU and the reboot is done, by the time the script is executed to add these computers to the WVD-computer group, the DNS policy is already applied and machines are assigned On-Prem DNS IPs. Even if the script is run and the session host is added to the WVD-group, a gpupdate isn't reverting the DNS on session hosts. We are being forced to manually update the adapter settings / change the NIC in the portal to make the session host use the Azure hosted DNS --> complete the upgrade process --> become healthy/available.

 

Seeking a few solutions here:

1) to get a custom template (if any) to add the computers to the WVD-group directly while joining the domain

2) any workaround/automation to update the VM NIC

 

Any suggestions would be greatly appreciated.

 

Thanks,

PK
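One way to address ask 1) above, as an added example that is not part of the original post: a PowerShell step run on the session host right after the domain join (for instance a Custom Script Extension that depends on the join extension) that adds the host's own computer object to the exclusion group via ADSI, so the image needs no RSAT module. The group DN and the credential are assumptions; the credential should be a least-privilege account delegated only "write member" on that group and supplied from protected settings or Key Vault, never embedded in the template.

```powershell
# Added example, not the post author's script. Runs on the session host as
# SYSTEM after JsonADDomainExtension has finished (assumed ordering).
param(
    [Parameter(Mandatory)][pscredential]$Credential,                       # delegated account, assumed
    [string]$GroupDn = 'CN=WVD-Computers,OU=Groups,DC=corp,DC=example'    # placeholder DN
)
$ErrorActionPreference = 'Stop'
$user = $Credential.UserName
$pass = $Credential.GetNetworkCredential().Password

# Discover the domain naming context instead of hard-coding it.
$rootDse   = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
$defaultNc = $rootDse.Properties['defaultNamingContext'][0]

# Find this machine's own computer account (sAMAccountName ends with '$').
$domain   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$defaultNc", $user, $pass)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
$result = $searcher.FindOne()
if (-not $result) { throw "No computer account for $env:COMPUTERNAME under $defaultNc; has the join completed?" }
$computerDn = $result.Properties['distinguishedname'][0]

# Add the computer to the group only if it is not already a member (idempotent,
# so the step can be re-run safely by the extension or a scheduled task).
$group = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$GroupDn", $user, $pass)
if ($group.Properties['member'] -contains $computerDn) {
    Write-Output "$computerDn is already a member of $GroupDn"
} else {
    [void]$group.Properties['member'].Add($computerDn)
    $group.CommitChanges()
    Write-Output "Added $computerDn to $GroupDn"
}

# A computer's group membership only enters its logon token at boot, so GPO
# security filtering based on the group is not re-evaluated by gpupdate alone.
# Refresh policy for logging, then reboot so the exclusion applies on the next
# policy cycle before the WVD agent attempts its upgrade.
gpupdate /target:computer /force | Out-Null
Restart-Computer -Force
```

Because the machine-account token is rebuilt only at boot, the reboot at the end is what makes the group-based exclusion take effect; check `gpresult /scope:computer /r` afterwards to confirm the DNS GPO is listed as filtered out.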
