Oct 10 2023 09:04 PM
We’ve established an Azure Virtual Desktop environment for our client ClientDomain Transport using AADDS:
Joined to: aadds.ClientDomain.com.au
UPN Suffix: ClientDomain.com.au
UPN (pre-Windows 2000): AADDS\
We’ve also run a test migration of their existing onsite infrastructure to Azure, maintaining the existing AD DS. This includes domain controllers, file servers, SQL servers etc.
Joined to: ClientDomain.local
UPN Suffix: ClientDomain.com.au
UPN (pre-Windows 2000): ClientDomain\
Users and Groups are synced from AD DS up to Azure using Azure AD Connect, so the directory is almost the same in both environments.
We have a Kerberos Realm Domain Trust set up between the two domains.
However, we currently can’t authenticate automatically between the domains.
Example:
User [email address removed for privacy reasons] is logged into AVD (which sits in aadds.ClientDomain.com.au)
User tries to access \\<server IP> (which is in AD DS ClientDomain.local) in File Explorer
Credentials are incorrect and Windows prompts for authentication, automatically prepending AADDS\ to the login window
User manually inputs credentials with @ClientDomain.com.au domain suffix and connection is successful
We also are experiencing similar issues when trying to use Windows Authentication with the SQL servers in the ClientDomain.local domain.
What do we need to do to allow AADDS users to authenticate with AD DS resources automatically?
Oct 11 2023 02:09 AM
Hi @BlairMuller,
To allow AADDS users to authenticate with AD DS resources automatically, you need to configure the following:
Here are some additional tips for troubleshooting authentication issues between AADDS and AD DS:
Here are some useful links to this issue:
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)