Forum Discussion
AAD Join & Onpremise resources SSO
Hi,
I want to join the Windows 10 devices to AAD using AAD Join, by this, I get SSO for resources in the cloud. But do I get SSO for on-premise resources for e.g Fileshares and Print etc?
I have gone through the below articles, I really did not understand how I get TGT & TGS from on-premise Dcs without the computer account in the on-premise active directory.
I do not want to use Domain Join + Device registration as I would like to manage client devices in Azure AD using intune(so only AADJoin so that i can manage devices using intune)
Articles i refered
https://blogs.technet.microsoft.com/trejo/2016/04/09/azure-ad-join-vs-azure-ad-device-registration/
https://blogs.technet.microsoft.com/janketil/2016/01/25/single-sign-on-to-on-premises-resources-from-azure-ad-joined-when-onprem/
https://jankesblog.com/2016/01/single-sign-on-to-on-premises-resources-from-azure-ad-joined-when-onprem/
Hi,
At last i found that it is possible to get both PRT from AAD & TGT from onprem AD for a user logged on to AAD Join machine(no hybrid, just AAD Join).
We should have a windows 2016 AD DCs to achieve this.
I could get PRT & TGT once I installed 2016 DC.
- No, in order to get SSO for both you have to setup and use what is called Hybrid Join. Here is an article explaining that: https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup
Hi,
At last i found that it is possible to get both PRT from AAD & TGT from onprem AD for a user logged on to AAD Join machine(no hybrid, just AAD Join).
We should have a windows 2016 AD DCs to achieve this.
I could get PRT & TGT once I installed 2016 DC.
- Thank you.
