Join windows server 2019 to Azure AD

Copper Contributor

Is there an option or work around to join windows server 2019 standard to azure AD for authentication ? 

20 Replies

@Craig635thank you i will give it a try 

@Jeremiah Kibanga 

My VM is on-prem running in Hyper-V, so that is of little help...

Yes there is. 

 

The articles linked previously are for Virtual Machines that have been created within Azure. 

 

I have managed to connect a Windows Server 2019 Standard machine, that is running as a VM on my local laptop, to Azure Active Directory.  

It has connected over the internet the same as windows 10 operating systems do. 

 

I can login with my Azure AD Account and manage it fully and apply policies to it. 

 

I would not recommend this. 

 

It involved getting the Microsoft Store Installed, at which point I could then login and associate my Work account to the device. 

I could then install the company portal. 

 

I can provide further details if required.

 

Capture.PNG

 

@Jeremiah Kibanga 

@AzureMurph 

Hi, 

What do you think about managing the Infra. servers (Windows 2019 DC) hosted in the DMZ via the AD Azure?

Thanks in advance. 

 

@AzureMurph 

 

Please do share futher details. I would like to have shares from my on-prem Windows server 2019 to where I could authenticate with my AAD credentials

Windows Server 2019 Datacentre can be Azure AD domain joined as part of the offering of it's license. 

 

Joining a server to Azure AD does not sound like it will be the correct solution to the issue you currently have. 

 

Do you have a Microsoft Support representative assigned to your company that you can work with, to advise and assist you?

@AzureMurph 

Could you provide details to achieve this? I want to test in a isolated environment. 

@AzureMurph That sounds like a solution i am looking for.. could you please share details how did you connect the AAD to your Windows Server 2019?

 

I get an error while connecting with the company portal

Server 2019 (hybrid with on-prem AD) can easily be AAD joined with GPO

 

Seb

@Adã Silva 

 

I would advise to not waste your time trying to join Windows Sever 2019 standard builds to Azure AD. 

It's fiddly and doesn't work fully. 

The steps you should follow are to either use Server Datacentre licenses, or contact your Microsoft representative to discuss the use case and licensing options for your situation. 

@AzureMurph 

 

Hello Dear,

 

I couldn't find the work or school account in server 2019 and find the blow screenshot for your reference. 

Venkatesh190_0-1611997087857.png

 

Hi All,

 

Been a whilst since I have had time to revisit this.

Had to remind myself again today how to do it.

I don't have an exact step by step document for you. But...

Start with this.

https://github.com/kkkgo/LTSC-Add-MicrosoftStore

I am presuming that if you are trying to join a server to Azure AD, then you should hopefully have access to an Intune license.

In which case assign a license to your user. Create a company portal.

Download and install the company portal from the Microsoft Store (yes you can get the Microsoft store working on windows server 2019)

There are some local group policy settings I had to play around with.

And some registry keys.

Login into the company portal admin website from the server you wish to add to azure ad.

https://portal.manage.microsoft.com/

Go to devices, follow the default settings through to add the device you are logged onto into the company portal.

That will then enable you to login to the server with an azure AD account.

It will also register the device as a device within Azure AD.

 

I don't have time to write this up fully now, but message me if you get stuck.

 

Cheers.

 

 

server.PNG

@AzureMurph 

 

I am attempting to complete this and am running into issues with an error 8018001C. Any thoughts?

 

The device shows in the AAD.

importsleyer_0-1624897799722.png

 

@Jeremiah Kibanga 
Hello All,

 

I believe that we couldn't do it on physical servers but we have a chance to do that on azure vm's

++Adding below doc for Ref:

https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

 

@AzureMurphI also get 8018001c when attempting an aadj of Windows Server 2022. What group policies and registry settings should I look at?

That's not AAD Joined, that's hybrid joined. You should know the difference.