Forum Discussion
Why is an AAD DC Administrator not a Domain Admin?
- Jun 02, 2021
If I recall correctly there should be a standard GPO in the AADDS domain that adds the AAD DC Admin group to the local admins of a session host. It's applied on the AADDC Computers OU, so perhaps you moved your VMs to another OU? Try applying that GPO there as well.
I believe it's called "AADDC Computers GPO" but I'm not sure!
- David Schrag Jun 02, 2021 Iron Contributor
Excellent catch! There is indeed a GPO called AADDC Computers GPO, applied to the AADDC Computers OU, that does just what you described. I have been putting my session hosts in a separate OU so I could apply WVD-specific policies to them. I linked the GPO to my WVD Host OU, ran gpupdate /force on a session host, and got in with my not-really-a-domain-admin account. 🙂 Thanks!
- YannickJanssens1986 Jun 02, 2021 Brass Contributor
Glad you got it sorted out!
- Travis_78 Feb 01, 2024 Iron Contributor
YannickJanssens1986 This helped me out. Thank you! Same issue, using a separate OU and didn't think to link this GPO.
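
The fix described in this thread, as an added example that was not posted by any participant: check from a management VM whether "AADDC Computers GPO" reaches a custom session-host OU, and link it only if it does not. The OU distinguished name is a hypothetical placeholder, and the script assumes the RSAT GroupPolicy module is installed.

```powershell
# Added example; the OU distinguished name below is a hypothetical placeholder.
Import-Module GroupPolicy

$GpoName  = 'AADDC Computers GPO'               # GPO name as given in the thread
$TargetOu = 'OU=WVD Hosts,DC=example,DC=com'    # assumption: replace with your OU's DN

# Fail early if the GPO name is wrong (the original poster was not sure of it).
$gpo = Get-GPO -Name $GpoName -ErrorAction Stop

# Collect every GPO link that reaches the OU: direct links plus inherited ones.
$som   = Get-GPInheritance -Target $TargetOu
$links = @($som.GpoLinks) + @($som.InheritedGpoLinks)
$hit   = $links | Where-Object { $_.GpoId -eq $gpo.Id -and $_.Enabled }

if ($som.GpoInheritanceBlocked) {
    Write-Warning "Inheritance is blocked on $TargetOu; only direct or enforced links apply."
}

if ($hit) {
    Write-Output "'$GpoName' already applies to $TargetOu."
} else {
    # Per the thread, this GPO puts the AAD DC Administrators group into the
    # local Administrators group of every computer in the OU, so review which
    # machines sit in the OU before linking.
    New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes
    Write-Output "Linked '$GpoName' to $TargetOu."
}

# Then, on a session host in that OU, refresh policy and confirm the result:
#   gpupdate /force
#   Get-LocalGroupMember -Group 'Administrators'
```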