i. Domain Name: this is the domain name you chose when configuring Azure AD Domain Services. Make sure this is the same value, otherwise we won’t be able to join computers to your domain.
ii. Service Account User Name: when deploying Azure AD Domain Services you created a group called “AAD DC Administrators” in your Azure Active Directory. Members of this group have the necessary privileges to join computers to the domain. Use one of those accounts here.

5. Assign users to Azure RemoteApp.

Keep the following in mind:
- Azure RemoteApp will provision your collection; part of that process will attempt to join computers to your Azure AD Domain Services managed domain. If you see failures related to problems with the domain, here are some tips:
i. Verify the domain and VNet information in your collection.
ii. Create your own VM in the Azure Management Portal; make sure it is added to the same VNet you used with Azure AD Domain Services. Log onto the VM and try to join it to the domain. If this process fails, you are probably using the wrong credentials or the network configuration is incorrect.
iii. If the network configuration is correct and you are certain you are using the correct admin account, double check that you followed the instructions under “Step 5: Enable password synchronization”. If your user accounts have not been synced correctly, they won’t work for signing in to Azure AD Domain Services.
i. When you create or sync a user into AAD you choose the UPN for the user. For example, you may choose to use one of the public domain names you own – the user’s AAD UPN may look like this: email@example.com
ii. When creating Azure AD Domain Services you choose a domain name; for example, you may choose the default domain name that comes with your AAD: contoso.onmicrosoft.com. The user’s Azure AD Domain Services UPN would be firstname.lastname@example.org
iii. In this case the user would not be able to log into Azure RemoteApp because the UPNs are different. Either change the UPN in AAD or change the name of the domain in Azure AD Domain Services.
i. Originally, when we designed domain-joined collections, we assumed they would always use a regular customer-owned Active Directory that is synced into Azure Active Directory.
ii. We added a check to make sure that only users properly sourced from AD (“dir synced”) can be added to the collection. Users who were not synced, but created directly in AAD, would not be able to connect to Azure RemoteApp since they have no access to the domain.
iii. With Azure AD Domain Services all users from AAD (no matter how created) are “projected” into the managed domain, so this check is not necessary.
iv. While we work on removing this limitation, please make sure that you dir sync users into AAD before adding them to your Azure RemoteApp collection. For non-sync’ed users you will see an error message when adding them to the collection.

Note: Questions and comments are welcome. For troubleshooting requests, post a new thread in the Remote Desktop clients forum. Thank you!